Full Disclosure mailing list archives
Re: XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS
From: Henri Salo <henri () nerv fi>
Date: Sat, 2 Mar 2013 19:17:34 +0200
On Fri, Mar 01, 2013 at 11:50:00PM +0200, MustLive wrote:
> I'm resending my letter from February 23, 2013 (since FD was not working that day). After my previous list of vulnerable software with ZeroClipboard.swf, here is a list of software with ZeroClipboard10.swf. These are Cross-Site Scripting vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS.
>
> Earlier I wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard (http://seclists.org/fulldisclosure/2013/Feb/103). I wrote that this is a very widespread Flash file and it's placed at tens of thousands of web sites. And it's used in hundreds of web applications. Among them are em-shorty, RepRapCalculator, Fulcrum (CMS), Django and aCMS. And there are many other vulnerable web applications with ZeroClipboard10.swf (some of them also contain ZeroClipboard.swf).
So did you report this vulnerability to those projects? Even to security@ or a similar address? I noticed this vulnerability from WordPress plugins. Did you report those? Did you ask for CVE identifiers?

--
Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
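The thread concerns bundled copies of ZeroClipboard10.swf (and ZeroClipboard.swf) shipped inside many unrelated web applications, which is a software-supply-chain inventory problem before it is an XSS problem. The following is an added example, not code from MustLive, Henri Salo or any of the projects named in the thread. It walks a source tree, recognises Flash files by their magic bytes (FWS/CWS/ZWS) rather than by extension, inflates zlib-compressed bodies, and flags files that carry a "ZeroClipboard" marker in their name or body. It does not test for the XSS itself, which the messages do not describe; the sample tree it scans is constructed in a temporary directory and contains no real ZeroClipboard binaries.

```python
"""Inventory vendored ZeroClipboard SWF copies in a source tree.

Added example; not from the mailing-list thread or any named project.
Flash files are found by magic bytes: FWS = uncompressed, CWS = zlib
body, ZWS = LZMA body. Only finding copies to review is in scope here;
this does not exercise the XSS discussed in the thread.
"""
import os
import tempfile
import zlib

MAGICS = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}
MARKER = b"ZeroClipboard"  # class/file name string embedded in the SWF


def swf_body(data: bytes):
    """Return (compression, body) for a SWF blob, or None if not a SWF.

    The 8-byte header (signature, version, length) is never compressed.
    For CWS the remainder is one zlib stream. ZWS uses a raw LZMA layout
    the stdlib does not decode as-is, so its body is reported empty and
    the file is still listed so a reviewer can inspect it by hand.
    """
    if len(data) < 8 or data[:3] not in MAGICS:
        return None
    kind = MAGICS[data[:3]]
    if kind == "uncompressed":
        return kind, data[8:]
    if kind == "zlib":
        try:
            return kind, zlib.decompress(data[8:])
        except zlib.error:
            return kind, b""  # truncated or corrupt stream: still a SWF
    return kind, b""


def make_swf(body: bytes, compress: bool = False) -> bytes:
    """Build a minimal SWF-shaped blob for the constructed sample tree."""
    sig = b"CWS" if compress else b"FWS"
    header = sig + bytes([10]) + (8 + len(body)).to_bytes(4, "little")
    return header + (zlib.compress(body) if compress else body)


# Constructed fixtures (assumed layout, not real ZeroClipboard binaries).
SAMPLE_FILES = {
    "static/ZeroClipboard10.swf": make_swf(b"\x00DoABC" + MARKER + b"\x00"),
    # renamed copy: the name is innocent, the body still carries the marker
    "static/js/clip.swf": make_swf(b"\x00" + MARKER + b".swf\x00", compress=True),
    "media/flowplayer.swf": make_swf(b"\x00FlowPlayer\x00"),
    # wrong extension: only the magic bytes give it away
    "vendor/blob.bin": make_swf(MARKER + b"10"),
    "README.txt": b"not a flash file",
}


def build_sample_tree(root: str) -> None:
    for rel, blob in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(blob)


def classify_file(path: str):
    """Describe one file if it is a SWF, else None."""
    with open(path, "rb") as fh:
        data = fh.read()
    parsed = swf_body(data)
    if parsed is None:
        return None
    kind, body = parsed
    name_hit = "zeroclipboard" in os.path.basename(path).lower()
    body_hit = MARKER in body
    return {"path": path, "compression": kind, "name_match": name_hit,
            "body_match": body_hit, "zeroclipboard": name_hit or body_hit}


def scan_tree(root: str):
    """Every SWF under root, with the ZeroClipboard flag, sorted by path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            info = classify_file(os.path.join(dirpath, name))
            if info:
                info["path"] = os.path.relpath(info["path"], root)
                findings.append(info)
    return sorted(findings, key=lambda f: f["path"])


def scan_sample_tree():
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for f in scan_sample_tree():
        flag = "ZEROCLIPBOARD" if f["zeroclipboard"] else "swf"
        print(f"{flag:14} {f['compression']:12} {f['path']}")
```

Point `scan_tree()` at a real checkout instead of the constructed tree to get the list of bundled Flash files worth reviewing; matching on the embedded marker rather than the file name is what catches renamed copies, and reading the magic bytes catches copies hidden under another extension.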
Current thread:
- XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS MustLive (Mar 01)
- Re: XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS Henri Salo (Mar 02)