[Vtigercrm-developers] XSS in migration

Amiad Bareli amiad at appsec-labs.com
Thu Oct 30 10:46:33 GMT 2014


I found an XSS bug in the migration:
https://demo.vtiger.com/migrate/?error=%3Cscript%3Ealert%280%29;%3C/script%3EXSS

(Chrome blocks XSS. Try another browser.)

Please fix it quickly.

Amiad
AppSec Labs
