vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

vBulletin® v3.6.5 has an xss vuln in admincp/index.php in rss feed .

exactlly in add rss url

by adding :  "><script>alert(document.cookie);</script>

a cool messege box appear with cookies ;)


earlier versions affected also .
-----------------------------------------------------------------------------
Discovered by meto5757


-----------------------------------------------------------------------------
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux