exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Eclipse Birt Report Viewer 4.5.0 Cross Site Scripting

Eclipse Birt Report Viewer 4.5.0 Cross Site Scripting
Posted Jan 27, 2016

Eclipse Birt Report Viewer versions 4.5.0 and below suffer from a persistent cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 69a4754bb354b6494f39716677edb9890c7c5c0beb35f24950e1109deed68f22

Eclipse Birt Report Viewer 4.5.0 Cross Site Scripting

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

#Title: Eclipse Birt Report Viewer v4.5.0 and below Persistent XSS
#Vendor homepage: http://www.eclipse.org
#Exploit Author: Multiple parties reported to vendor. (first in 2008!)
#Vulnerability: Presistent XSS when viewing report with malicious code


Description:
When previewing a generated report in the document viewer, the report
viewer fails to sanitize the report data pulled from a database and will
execute javascript and other code. the vendor has been notified by
multiple parties, but there has been no activity on the issue.
Based on other similar bug tickets on the issue tracker. Please refer to
the eclipse bug tracker page tickets below for additional information.
this has been an issue since version 2.2.2 at least:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=233219
https://bugs.eclipse.org/bugs/show_bug.cgi?id=484952
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWo75oAAoJEGoTpzhfiAPx7HwP/1jrw7Pcy//Tj1YwRGhb6SZ4
/JyV4GBsTNzXFRgk3S8uvE8txJ0m/TlK7tnJ5HkXS5yGoEvxFjTwtauwrBF7ZGQN
gZDKW5i55sKRWW3PKuLC3yf9czD/u7fzcEecYFx9XiiMY0lvPFoNMsCT3tu9cKZj
Xt6jx1KBdBYtK7avBU8y/8FUnmwUX0GPOd5xij1uaxw5CWhRQ4hqy38D7VZSv1X5
iJfTzVVoOkEievtejA1sOnjfd9NAKYizjIaOB0utpKexY2X9xDQXPSZUSSiyBKpC
bF7i+5XkzKxxPpI6OpK15Na3lSkslHyzjacaPYabwMB1p8+YMnlC0JBw0lJpaK5Z
yyFbenCg/LSmHl5RYxtyScnQIT8wXNXw1sscIiFtdf2esFZcpAjfxvKOPCDkDuvK
EvNSUyBlYE92gjov9dChN4nIFT1kKczyynH6bFieNJm/VrshMJIElz+uHi+zIVTz
X03qnaEF4zLHGc28iFQ/t2QLtmhSch+UH5Wb5Gy5WrJ0XmvId8E88AdyGuVk2dQI
y6jwQUCnoSf44fYYQpthwDeG8X0byGuxeXQAXiUPMjQ8rC37k00kJArjIrVcYIfg
HC3z+UrxOpna1Ed7/Nq6qzMNPSnDBTn5oODMx64aSBCnC4dSluWRDWmiJ7DHPwPe
Rt3YDLY9syVRED/slOvd
=h200
-----END PGP SIGNATURE-----




Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close