IV85103: Cross-site scripting (XSS) vulnerability


Using the trustee account (external.trustee.02) and the image upload functionality within the Maintain User Profile page, it was possible to upload an HTML file containing JavaScript when the file was renamed to JPG.

Here are the direct links to the fix packs in Fix Central:

Moving forward, the vulnerability has been identified and resolved.

Continue reading

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s