Home page logo

bugtraq logo Bugtraq mailing list archives

Pebble 2.0.0 RC[1,2] XSS vulnerability
From: "Paolo Perego" <thesp0nge () gmail com>
Date: Mon, 2 Oct 2006 10:09:06 +0200

Software: Pebble
Version: 2.0.0 RC1 - 2.0.0 RC2
Author: Simon Brown
Homepage: http://pebble.sourceforge.net

Pebble is a blogging system built upon java and XML. There is no
database to store the data into but just XML is used instead.


Vulnerability: XSS vulnerability in "search" functionality. Query
string wasn't parsed for HTML and while printing it out for "Search
with google" link, the XSS can be done.

Disable "Search with google" link in the user result page or, better,
update to the latest version in subversion.


Author contacted: 20 september
Author replyed: 20 september
Patch published in Subversion archive: 27 september


This advisory intended to be informational. No responsibility is taken
for its misuse.

  By Date           By Thread  

Current thread:
  • Pebble 2.0.0 RC[1,2] XSS vulnerability Paolo Perego (Oct 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]