Crafty Syntax XSS Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Crafty Syntax XSS Vulnerability
- From: Ozgur Ozdemircili <ozgur.ozdemircili@xxxxxxxxx>
- Date: Mon, 18 Feb 2008 13:48:57 +0100
Crafty Syntax Live Help is an open source help desk system built
mainly for small to mid-sized companies. The software includes an XSS
vulnerability in the lostsheep.php module.
Versions affected: 2.4.13 - 2.4.14
--
Ozgur Ozdemircili
CCNA, HIPAA, OPSEC,
Open Source Security Systems
http://www.enderunix.org/ozgur