oss-sec mailing list archives
Re: Multiple XSS vulnerabilities in Refinery CMS
From: Solar Designer <solar () openwall com>
Date: Sun, 21 Feb 2016 01:14:14 +0300
On Fri, Feb 19, 2016 at 09:07:30PM +0530, Shravan Kumar wrote:
> I would like to publicly disclose Multiple XSS Vulnerabilities Found in Refinery CMS.

As a moderator, I have to note that we have two inappropriate postings here - a link to an external PDF (in fact, the same one in two messages) and no detail in message body.

I also have to admit that, although this kind of postings were frowned upon in the past, the "List Content Guidelines" did not explicitly discourage them. This is now corrected:

http://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines

"At least the most essential part of your message (e.g., vulnerability detail or a PoC exploit) should in fact be in the message itself (and in plain text), rather than only included by reference to an external resource. Posting links to relevant external resources as well is acceptable, but posting only links is not."

Going forward, PDF-only postings like this may be rejected.

And, doing Shravan's homework this one time, I've attached a plain text export of the content from the PDF file. Unfortunately, this does not capture some of the detail and isn't formatted well (it might even be partially incorrect, showing some deleted text or such). Sorry about that - not my job.

Shravan, on future occasions, please prepare a proper plain text description of whatever you post in here.

Alexander

Attachment:
Penetration-testing-report--open-source-Ruby-on-rails-Refinery-CMS.txt