Assetman <= 2.4a XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Assetman <= 2.4a XSS
From: zerogue@xxxxxxxxx
Date: 23 May 2006 17:54:36 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Assetman <= 2.4a XSS

Discovered by: Nomenumbra
Date: 23/5/2006
impact:moderate (privilege escalation,possible defacement)

Assetman doesn't filter any of it's input, allowing users
to inject arbitrary HTML or javascript code.

Nomenumbra

Prev by Date: ByteHoard <= 2.1 multiple vulnerabilities
Next by Date: Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities
Previous by thread: ByteHoard <= 2.1 multiple vulnerabilities
Next by thread: Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities
Index(es):
- Date
- Thread