Re: XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS
From: Henri Salo <henri () nerv fi>
Date: Sat, 2 Mar 2013 19:17:34 +0200
On Fri, Mar 01, 2013 at 11:50:00PM +0200, MustLive wrote:
> I'm resending my letter from February 23, 2013 (since FD was not working
>
> After my previous list of vulnerable software with ZeroClipboard.swf, here
> is a list of software with ZeroClipboard10.swf. These are Cross-Site
> Scripting vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django
>
> Earlier I wrote about Cross-Site Scripting vulnerabilities in
> ZeroClipboard (http://seclists.org/fulldisclosure/2013/Feb/103). I wrote
> that this is a very widespread Flash file and it is placed on tens of thousands
> of web sites. And it is used in hundreds of web applications. Among them are
> em-shorty, RepRapCalculator, Fulcrum (CMS), Django and aCMS. And there are
> many other vulnerable web applications with ZeroClipboard10.swf (some of
> them also contain ZeroClipboard.swf).
So did you report this vulnerability to those projects? Even to security@ or
a similar address? I noticed this vulnerability from WordPress plugins. Did you
report those? Did you ask for CVE identifiers?
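Before a project can be notified, a maintainer has to find out whether their tree ships a copy of the SWF at all, and the quoted message notes that the file turns up under more than one name (ZeroClipboard.swf, ZeroClipboard10.swf). The scanner below is an added example for this thread, written for this page and not code from either correspondent or from the ZeroClipboard project. It identifies SWF files by content rather than by file name, decompresses the zlib-packed (CWS) variant, and flags any SWF whose body carries the string "ZeroClipboard"; that the library's SWF embeds its own class name as that byte string is an assumption of the example, as is the small constructed directory layout used as sample input.

```python
import hashlib
import os
import struct
import zlib

# Byte string assumed to appear in the ZeroClipboard SWFs (the library's ActionScript
# class name). Assumption for this example: a SWF whose decompressed body contains it
# is a copy of the library, whatever the file is called on disk.
MARKER = b"ZeroClipboard"


def swf_body(data):
    """Return the decompressed body of a SWF file, or None when the bytes are not a SWF.

    SWF header: 3-byte signature, 1-byte version, 4-byte little-endian uncompressed length.
    FWS = stored uncompressed, CWS = zlib stream following the 8-byte header.
    ZWS (LZMA) is valid SWF but is not decoded here; classify() reports it separately.
    """
    if len(data) < 8:
        return None
    sig = data[:3]
    if sig == b"FWS":
        return data[8:]
    if sig == b"CWS":
        try:
            return zlib.decompress(data[8:])
        except zlib.error:
            return None  # CWS signature but a broken stream: treat as not a usable SWF
    return None


def classify(data):
    """Label a file's bytes as not-swf, swf-unsupported, swf-other or zeroclipboard."""
    if data[:3] == b"ZWS":
        return "swf-unsupported"
    body = swf_body(data)
    if body is None:
        return "not-swf"
    return "zeroclipboard" if MARKER in body else "swf-other"


def scan_files(files):
    """files: mapping of path -> bytes. Returns one finding per SWF seen, with the verdict
    and a SHA-256 so copies can be matched against a known (fixed or vulnerable) build."""
    findings = []
    for path, data in sorted(files.items()):
        verdict = classify(data)
        if verdict == "not-swf":
            continue
        findings.append({
            "path": path,
            "verdict": verdict,
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    return findings


def scan_tree(root):
    """Walk a directory and scan every regular file by content, not by name, because
    renamed copies (ZeroClipboard10.swf, vendored bundles) are the common case."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    files[full] = fh.read(8 * 1024 * 1024)  # cap per file; SWFs are small
            except OSError:
                continue
    return scan_files(files)


def make_swf(body, compressed):
    """Build a minimal SWF container around body (constructed test data, not a real movie)."""
    sig = b"CWS" if compressed else b"FWS"
    header = sig + bytes([10]) + struct.pack("<I", 8 + len(body))
    return header + (zlib.compress(body) if compressed else body)


# Constructed sample tree: a zlib-compressed copy carrying the marker under the
# alternate file name, an unrelated uncompressed SWF, and an HTML page.
SAMPLE_FILES = {
    "app/js/ZeroClipboard10.swf": make_swf(b"\x00" * 16 + MARKER + b".as" + b"\x00" * 16, True),
    "app/media/banner.swf": make_swf(b"unrelated movie", False),
    "app/index.html": b"<html><body>copy to clipboard</body></html>",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['verdict']:16} {f['sha256'][:16]}  {f['path']}")
```

Run `scan_tree("/path/to/webroot")` against a real checkout; anything reported as `zeroclipboard` is a copy to compare by hash with the version the project actually intends to ship, and `swf-unsupported` entries (LZMA-packed SWFs) need a separate look since this example does not decode them.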
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/