Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: SaltOS URL PHPExcel Cross-Site Scripting Vulnerability
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Vulnerabilities
See the original Secunia advisory:
SaltOS URL PHPExcel Cross-Site Scripting Vulnerability
| Secunia | SaltOS URL PHPExcel Cross-Site Scripting Vulnerability |
|---|---|
 |
21st Aug, 2012 14:00 |
|
Ranking: 0 Posts: 0 User Since: - System Score: - Location: Copenhagen, DK |
Stefan Schurtz has discovered a vulnerability in SaltOS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input appended to the URL after lib/phpexcel/PHPExcel/Shared/JAMA/docs/download.ph The vulnerability is confirmed in version 3.1 build 4941. Other versions may also be affected. |
| Gog55 | RE: SaltOS URL PHPExcel Cross-Site Scripting Vulnerability | ||||||||
|
21st Aug, 2012 14:00 | ||||||||
| Score: 0 Posts: 1 User Since: 21st Aug 2012 System Score: N/A Location: UA Last edited on 21st Aug, 2012 14:00 |
Solution Status - Vendor Patch; Solution - No official solution is currently available.. ?! oO | ||||||||
|
|||||||||
| josepsanzcamp | RE: SaltOS URL PHPExcel Cross-Site Scripting Vulnerability | ||||||||
|
|
23rd Aug, 2012 01:34 | ||||||||
| Score: 0 Posts: 1 User Since: 23rd Aug 2012 System Score: N/A Location: ES |
Hi users. The issue was fixed in the nightly SaltOS-3.1-5694.noarch.tgz (2012-08-14). The bug allows to use an unused php file (code/lib/phpexcel/PHPExcel/Shared/JAMA/docs/downl Josep Sanz, saltos.net |
||||||||
|
|||||||||
