
miranda - issue #1635

XSS vulnerability in Addons miranda-im


Posted on Sep 18, 2012 by Massive Horse

The subdomain/the domain for Addons in Miranda-im is vulnerable to a Cross-Site Scripting attack. The vulnerability enables the attacker to inject client-side script and makes the registered users' accounts a victim.

The error in this website is a reflective, non-persistent error. The server gives an immediate pop-up showing the error without properly sanitizing the request. http://addons.miranda-im.org/login.php?redirect=%22%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
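
One way the reflected `redirect` value could be handled on the server, as an added example that is not part of the original report and not the Miranda IM site's own code. It assumes login.php echoes the parameter into a double-quoted HTML attribute; the function names and the hidden-field markup are hypothetical.

```php
<?php
// Added illustration. The real login.php source is not shown in the report.
// Assumption: the "redirect" query parameter is echoed into an HTML attribute.

// Constructed sample: the URL-decoded redirect value from the reported link.
$reported = '"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>';

// Unsafe pattern (assumed): the raw value lands inside a quoted attribute,
// so a leading "> closes the attribute and the tag.
function render_unsafe(string $redirect): string
{
    return '<input type="hidden" name="redirect" value="' . $redirect . '">';
}

// Validation: accept only a same-site relative path, otherwise use a default.
// The path must start with one "/" (not "//" or "/\") and contain only
// characters expected in a path and query string.
function safe_redirect_target(string $redirect, string $default = '/'): string
{
    if (preg_match('#^/(?![/\\\\])[A-Za-z0-9_\-./?&=%]*$#D', $redirect) === 1) {
        return $redirect;
    }
    return $default;
}

// Output encoding: even a validated value is HTML-escaped for the
// attribute context, with both quote styles encoded.
function render_safe(string $redirect): string
{
    $target = safe_redirect_target($redirect);
    return '<input type="hidden" name="redirect" value="'
        . htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">';
}

echo render_unsafe($reported), "\n";            // markup broken out of the attribute
echo render_safe($reported), "\n";              // rejected, falls back to "/"
echo render_safe('/details.php?id=42'), "\n";   // constructed legitimate path, kept
```

Validation and escaping are separate layers here: the allow-list keeps the redirect on the same site, and `htmlspecialchars` keeps whatever is printed inside the attribute.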


Comment #1

Posted on Sep 19, 2012 by Helpful Cat

(No comment was entered for this change.)

Comment #2

Posted on Sep 19, 2012 by Massive Horse

Comment deleted

Comment #3

Posted on Sep 27, 2012 by Massive Horse

What's happening? Why till now the bug is patched?

Status: Assigned

Labels:
Private Priority-High Type-Bug Component-Website