Home page logo

bugtraq logo Bugtraq mailing list archives

SiteCore XML Control Script Insertion
From: Mark Litchfield <mark () securatary com>
Date: Tue, 28 Jan 2014 23:10:47 -0800

Hey All,

Sitecores “special way” of displaying XML Controls directly allows for a Cross Site Scripting Attack – more can be achieved with these XML Controls and will be documented in another vulnerability report


More information can be found at http://www.securatary.com/vulnerabilities - Also listed is a useful text file for use with Burp when auditing SiteCore.

  By Date           By Thread  

Current thread:
  • SiteCore XML Control Script Insertion Mark Litchfield (Jan 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]