[ZendTo] XSS

Keith Erekson kbe2 at lehigh.edu
Tue Mar 1 22:09:54 GMT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Tested on Mac OS X 10.10, seems to work in Firefox (41 and 44), but not
Chrome (48) nor Safari (9).

(pickup.php, not pickup/php for anyone who wants to try)

~Keith

On 03/01/2016 02:14 PM, Chris Venter wrote:
> Hi
>
> Our security audit has highlighted a possible reflected cross site
> scripting error on the pickup.php page, to test we ran
>
> https://server_name/pickup/php?emailAddr=test" /><script>alert('XSS Test')</script>
>
> Can anyone else confirm if this is an issue?
>
> Thanks
> CJ
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJW1hMwAAoJEMdFVhhDm2SFxyEH+wVvzU2y4/Th4oMZKZruI+cb
At3pe8Sh/pEbMYgLUr7jpnuRKMPXs2Q+W7r0f9m/7P8s0TYWsfpOBhW7v2FC7uQ5
wep0NfZUByqFZpARocE9WB/2zRxh6oxOOy1RCcZjjnCNKBF2aVBvJUF7kfl2O57O
CwsWnXfosMNwBOsLTWzbSaV+FsoPLX4Ow5RH/cI1eBd64TLxOr+tmIsXatp+vua7
dtilpqxehF1REMyZyJx0e6u2pTdrsFJ5HoPinkk8GbsS2Q+hFfctan7NMsUr2gdP
BBmnSlSvAd3nzlFhlSApIA/+JbfSD6eooDcUxxNWJhWZP32s31+uTcg+OyIJWf8=
=tpYG
-----END PGP SIGNATURE-----
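The browser split reported above (popup in Firefox, nothing in Chrome 48 or Safari 9) is what you would expect from a genuine reflection: Chrome and Safari of that era shipped a built-in reflected-XSS filter (the XSS Auditor) that suppresses a script which appears verbatim in both the request and the response, while Firefox never had one. A server-side check that inspects the raw response is therefore a more reliable way to confirm the finding than watching for an alert box. The script below is an added example, not ZendTo's code or anything from the thread: it builds the same attribute-break-out payload against the `emailAddr` parameter, classifies how the response reflects it, and shows a vulnerable and an escaped rendering of the form field side by side. The `render_field_*` functions are constructed stand-ins for the real page, and the `probe` helper assumes you pass the base URL of a server you are authorised to test.

```python
"""Reflected-XSS check for an HTML attribute context (added example, not ZendTo code).

Mimics the probe from the ZendTo thread:
    pickup.php?emailAddr=test" /><script>alert('XSS Test')</script>
but uses a random token so the result cannot be confused with cached or
pre-existing page content, and classifies the raw response instead of
relying on a browser popup (Chrome/Safari XSS filters can hide one).
"""
import html
import secrets
import urllib.parse
import urllib.request

PARAM = "emailAddr"  # the parameter named in the report


def make_payload(token: str) -> str:
    """Close a double-quoted attribute, close the tag, then inject a script."""
    return '{t}" /><script>alert(\'{t}\')</script>'.format(t=token)


def classify_reflection(body: str, payload: str, token: str) -> str:
    """Classify how the response reflects the probe.

    'raw'     : payload appears verbatim -> exploitable attribute break-out
    'escaped' : token is echoed but the metacharacters were neutralised
    'absent'  : the parameter is not reflected on this page at all
    Only verbatim reflection is detected; alternative encodings would need
    an HTML parser rather than substring matching.
    """
    if payload in body:
        return "raw"
    if token in body:
        return "escaped"
    return "absent"


def render_field_vulnerable(email: str) -> str:
    """Constructed stand-in for an unescaped echo into an attribute
    (the PHP equivalent would be: value="<?php echo $_GET['emailAddr']; ?>")."""
    return '<input type="text" name="emailAddr" value="%s" />' % email


def render_field_fixed(email: str) -> str:
    """Same field with the value escaped for an attribute context.
    html.escape(..., quote=True) escapes & < > " ' much like PHP's
    htmlspecialchars($v, ENT_QUOTES, 'UTF-8')."""
    return '<input type="text" name="emailAddr" value="%s" />' % html.escape(email, quote=True)


def probe(base_url: str, timeout: float = 10.0) -> str:
    """Live check: GET base_url?emailAddr=<payload> and classify the body.
    base_url is an assumed argument, e.g. https://server_name/pickup.php,
    and must point at a server you are authorised to test."""
    token = "xss" + secrets.token_hex(4)  # hex only: no HTML metacharacters
    payload = make_payload(token)
    url = base_url + "?" + urllib.parse.urlencode({PARAM: payload})
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, "replace")
    return classify_reflection(body, payload, token)


def offline_demo() -> dict:
    """Run the classifier over constructed vulnerable and fixed responses."""
    token = "xsscafe0001"
    payload = make_payload(token)
    return {
        "vulnerable": classify_reflection(render_field_vulnerable(payload), payload, token),
        "fixed": classify_reflection(render_field_fixed(payload), payload, token),
        "unrelated": classify_reflection("<html><body>no echo here</body></html>", payload, token),
    }


if __name__ == "__main__":
    for name, verdict in offline_demo().items():
        print("%-10s -> %s" % (name, verdict))
    # To test a real instance: print(probe("https://server_name/pickup.php"))
```

A 'raw' verdict means the input landed unescaped inside a double-quoted attribute, which is exactly the context the reported payload targets; the fix on the PHP side is to pass the value through htmlspecialchars with ENT_QUOTES before echoing it into the attribute, as `render_field_fixed` does with the Python equivalent.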
