Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
Vanilla v.1.1.7 Cross-Site Scripting
Author: Gerendi Sandor Attila (http://gsasec.blogspot.com/)
Date: May 14, 2009
Package: Vanilla (1.1.7)
Product Homepage: http://getvanilla.com/
Versions Affected: v.1.1.7 (Other versions may also be affected)
Severity: Medium
Input passed to the 'RequestName' header parameter when posting to 'updatecheck.php' is not sanitized before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Example:
http://somehost/ajax/updatecheck.php?PostBackKey=1&ExtensionKey=1&RequestName=1<script>alert(123)</script>
Will return:
1<script>alert(123)</script>|[ERROR]There was a problem authenticating your post information.
Status:
1. Contacted the author on May 15, 2009 via http://lussumo.com/
Note:
- The original advisory location is http://gsasec.blogspot.com/, but it will be published there only after the vulnerability has been received, validated and corrected. At that time it may also be reported to Secunia, SecurityFocus, etc.
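The pattern the advisory describes, shown as a vulnerable response builder beside a hardened one. This is an added example, not part of the original advisory and not Vanilla's updatecheck.php source; the function names and the plain-text response handling are assumptions.

```php
<?php
// Added illustration. NOT Vanilla's updatecheck.php; all function names are hypothetical.

// Error text as quoted in the advisory's sample response.
const AUTH_ERROR = '[ERROR]There was a problem authenticating your post information.';

// Vulnerable pattern: the request value is concatenated into the
// "RequestName|message" response without any output encoding.
function build_response_unsafe(string $requestName, string $message): string
{
    return $requestName . '|' . $message;
}

// Hardened pattern: HTML-encode the echoed value so markup characters
// reach the browser as inert text (&lt;script&gt; instead of <script>).
function build_response_safe(string $requestName, string $message): string
{
    $encoded = htmlspecialchars($requestName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return $encoded . '|' . $message;
}

// Defence in depth (assumption: the AJAX caller only reads the response text):
// declare the body as plain text and disable MIME sniffing, so a browser that
// loads the URL directly does not render the body as HTML.
function send_response(string $body): void
{
    header('Content-Type: text/plain; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo $body;
}

if (PHP_SAPI === 'cli') {
    // Value taken from the advisory's example URL; shows both builders side by side.
    $sample = '1<script>alert(123)</script>';
    echo build_response_unsafe($sample, AUTH_ERROR), PHP_EOL;
    echo build_response_safe($sample, AUTH_ERROR), PHP_EOL;
} else {
    // Web context: accept only a scalar string; array input (RequestName[]=x) becomes ''.
    $name = (isset($_GET['RequestName']) && is_string($_GET['RequestName']))
        ? $_GET['RequestName']
        : '';
    send_response(build_response_safe($name, AUTH_ERROR));
}
```

If the client-side code later writes the returned RequestName into the page with innerHTML, the encoding in build_response_safe() is what keeps it inert; the Content-Type header alone does not cover that path.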
Comments
Upgrade instructions here.
Thanks, Sanyi!