jetlib.sec » Bugtraq » Mibew messenger multiple XSS

Feeds

132963 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Bugtraq

• January 30, 2012
• 

  Mibew messenger multiple XSS

  Posted: January 30th, 2012, 10:34am PST

  Tags:   

  Posted by Filippo Cavallarin on Jan 30

  Advisory ID: CSA-12001
  Title: Mibew messenger multiple XSS
  Product: mibew messenger
  Version: 1.6.4 and probably prior
  Vendor: mibew.org
  Vulnerability type: XSS
  Vendor notification: 2012-01-07
  Public disclosure: 2012-01-24
  
  Mibew messenger version 1.6.4 an probably below is vulnerable to multiple XSS (and persistent XSS).
  They are all an POSTs and can be exploited due to the lack of CSRF protection
  
  1) Input passed...