| Secunia | Baby Gekko Multiple Cross-Site Scripting Vulnerabilities |
|---|---|
|
4th May, 2012 17:24 |
|
Ranking: 0 Posts: 0 User Since: - System Score: - Location: Copenhagen, DK |
Gjoko Krstic has discovered multiple vulnerabilities in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "username", "email_address", "password", "password_verify", "firstname", "lastname", and "verification_code" parameters to users/action/register is not properly sanitised in apps/users/registration.template.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.2.0. Other versions may also be affected. |
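
The advisory above describes request parameters being written back into the registration page without encoding. The following PHP is an added example, not code from Baby Gekko or from the advisory; the helper names and form markup are hypothetical, and only the parameter names are taken from the advisory. It shows that pattern beside an output-encoded rendering, with password fields left empty on re-display:

```php
<?php
// Added example, not Baby Gekko code. Field names come from the advisory;
// the helper names and form markup are hypothetical.

// Encode a value for HTML element text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern the advisory describes: the submitted value is written back as-is.
function field_unencoded(string $name, array $post): string
{
    $value = $post[$name] ?? '';
    return '<input name="' . $name . '" value="' . $value . '">';
}

// Same field with output encoding; non-string input (e.g. arrays) is dropped.
function field_encoded(string $name, array $post): string
{
    $value = is_string($post[$name] ?? null) ? $post[$name] : '';
    return '<input name="' . h($name) . '" value="' . h($value) . '">';
}

// Password fields are never pre-filled when the form is shown again.
function field_password(string $name): string
{
    return '<input type="password" name="' . h($name) . '" value="">';
}

// Constructed submission: two values carry harmless markup as a marker.
$post = [
    'username'      => 'alice"><b>marker</b>',
    'email_address' => 'alice@example.test',
    'password'      => 'p"><b>marker</b>',
];

foreach (['username', 'email_address', 'firstname', 'lastname', 'verification_code'] as $name) {
    echo field_encoded($name, $post), "\n";
}
foreach (['password', 'password_verify'] as $name) {
    echo field_password($name), "\n";
}

// The marker survives verbatim only in the unencoded rendering.
var_dump(strpos(field_unencoded('username', $post), '<b>') !== false);
var_dump(strpos(field_encoded('username', $post), '<b>') !== false);
```
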
| babygekko | RE: Baby Gekko Multiple Cross-Site Scripting Vulnerabilities |
|
4th May, 2012 17:24 |
| Score: 0 Posts: 1 User Since: 4th May 2012 System Score: N/A Location: CA Last edited on 4th May, 2012 17:25 |
This is INCORRECT. v1.2.0 is NOT affected. Only v1.1.5 is affected. Secunia should either verify first or contact the vendors first prior to automatically publishing the vulnerability. http://www.babygekko.com/site/news/general/baby-ge... |