|
|
Info |
Last Modified |
| 7 months ago |
|
|
|
|
Description |
SPIP contains a flaw that allows a remote cross site scripting like attack. This vulnerability could allow a user to create a specially crafted URL that would be redirected to after a succesful login on a trusted website.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Technical |
SPIP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate that the variable "url" upon submission to the "ecrire/spip_login.php3" script. This could allow a user to create a specially crafted URL that would be redirected to after a succesful login on a trusted website.
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Inform your users to double check the URL after a succesful login.
Upgrade to spip 1.9.2
|
|
Products |
|
SPIP
 |
1.8.3 |
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
