mailing list archives
RE: PHP Addressbook v8.2.5 Group Name XSS
From: "Kenneth F. Belva" <ken () silverbackventuresllc com>
Date: Sat, 15 Dec 2012 06:23:01 -0700
I can confirm that the below vulnerability also applies v8.2.5, the
PHP Addressbook software URL:
I don't mean to clog the list but I was doing research on an earlier
version and didn't realize that a later version was also released.
-------- Original Message --------
Subject: Addressbook v18.104.22.168 Group Name XSS
From: "Kenneth F. Belva" <research () silverbackventuresllc com>
Date: Wed, December 12, 2012 8:15 am
To: bugtraq () securityfocus com
After authentication, click on the Group tab at the top. Click on the
New Group Button on the group page.
For the group name (the first field) enter the following XSS test
Then call the XSS string from the URL -- technically one calls the
name -- through the group parameter as such:
I emailed the apparent author but did not receive a reply.
- RE: PHP Addressbook v8.2.5 Group Name XSS Kenneth F. Belva (Dec 17)