Crafty Syntax Xss Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Crafty Syntax Xss Vulnerability
From: Ozgur Ozdemircili <ozgur.ozdemircili@xxxxxxxxx>
Date: Mon, 18 Feb 2008 13:48:57 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:x-enigmail-version:content-type:content-transfer-encoding; bh=gZMF+YcuWaDrSK/sTaviNP4X2ooTLiwZMTZdvdCqzyc=; b=xDMIKIN+lcAurhqCSZdYA1KhMn3qx+LkFrx3MVPdvRrZgYjUFI9bGM+uwRGAs7VnwTgIUzg7mXj/5CQjJJO6IsDi0bLvDSidnfcmXpabjZokGrXLAb2A7Z6wl48Nndcy33D/7Wno2nsZSXxWiIeXj2bR87F2xuvVcj5dmSCUWbQ=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:x-enigmail-version:content-type:content-transfer-encoding; b=iai/4fMT5rIn2IZnBOmNC0Z3E/Pr0cp7REhl/Pm+aw2kcxVA6CayLPDvttplQyn6/lUvwA+p7/as7dA/kImPg4h4ZxEQnD9Y+pH9Rvalj4jDPz2KAatOdkGbQSMyzjJHHfcPwwgA2H/xY8XxT4nF8RvG34GtgGdtloU7Ld/+DcQ=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 2.0.0.9 (X11/20071031)

Crafty Syntax Live Help is an open source help desk system built
mainly for small-mid sized companies. The software includes an xss
vulnerability on lostsheep.php module.

Versions effected: 2.4.13 - 2.4.14


-- 
Ozgur Ozdemircili
CCNA, HIPAA, OPSEC,
Open Source Security Systems
http://www.enderunix.org/ozgur

Prev by Date: joomla SQL Injection(com_ricette)
Next by Date: Wordpress Plugin (wp-people) SQL Injection
Previous by thread: joomla SQL Injection(com_ricette)
Next by thread: Re: Crafty Syntax Xss Vulnerability
Index(es):
- Date
- Thread