what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Secunia Security Advisory 33888

Secunia Security Advisory 33888
Posted Feb 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Pebble, which can be exploited by malicious people to conduct cross-site scripting attacks

tags | advisory, xss
SHA-256 | a19edff6576eff3f74c19cd2ae808f408cdbf0a73d81dfd28c448e162d244572

Secunia Security Advisory 33888

Change Mirror Download
----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Pebble Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA33888

VERIFY ADVISORY:
http://secunia.com/advisories/33888/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
Pebble 2.x
http://secunia.com/advisories/product/21360/

DESCRIPTION:
A vulnerability has been reported in Pebble, which can be exploited
by malicious people to conduct cross-site scripting attacks

Input passed via unspecified parameters is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

The vulnerability is reported in versions prior to 2.3.2.

SOLUTION:
Update to version 2.3.2.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits James Roper.

ORIGINAL ADVISORY:
http://sourceforge.net/project/shownotes.php?release_id=660130

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Login or Register to add favorites

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close