SimpLISTic version 2.0 suffers from a cross site scripting vulnerability.
New eVuln Advisory:
email XSS in SimpLISTic
Summary: http://evuln.com/vulns/145/summary.html
Details: http://evuln.com/vulns/145/description.html
-----------Summary-----------
eVuln ID: EV0145
Software: SimpLISTic
Vendor: Mrcgiguy
Version: 2.0
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
--------Description--------
An XSS vulnerability was found in the email.cgi script: the 'email' parameter is not properly sanitized.
The 'email' parameter passes through a filter, but that filter does not remove XSS payloads.
Any user may therefore submit an email address containing script code.
The stored value is rendered on the "List addresses" page of the Admin panel, which is where the injected code executes.
--------PoC/Exploit--------
Example of XSS (email XSS PoC for SimpLISTic):
Email: email@website.com</textarea><script>alert('XSS vulnerability')</script>
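As an added example (not part of the advisory and not SimpLISTic's own code), the following Python shows the two defences the description implies: rejecting on input any address that contains characters outside a plain mailbox syntax, and HTML-escaping stored addresses when the admin list is rendered into the textarea. The function names are assumptions; POC_EMAIL is the advisory's PoC string, used here as constructed sample input.

```python
import html
import re

# Constructed sample input: the PoC address given in the advisory.
POC_EMAIL = "email@website.com</textarea><script>alert('XSS vulnerability')</script>"

# Allowlist for a plain mailbox address: local part, '@', dotted domain.
# Characters such as '<', '>', '/' and quotes never match, so they are rejected
# instead of being "cleaned" by a blocklist that an attacker can work around.
_EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def is_valid_email(value: str) -> bool:
    """Input validation (hypothetical name): accept only a strict mailbox syntax."""
    return len(value) <= 254 and _EMAIL_RE.fullmatch(value) is not None


def admit_address(value: str, store: list[str]) -> bool:
    """Store the address only if it validates; returns whether it was stored."""
    if not is_valid_email(value):
        return False
    store.append(value)
    return True


def render_address_list_unsafe(addresses: list[str]) -> str:
    """The failure mode the advisory describes: stored values are written into
    the textarea verbatim, so a stored '</textarea>' closes the element and the
    markup that follows it is parsed as HTML."""
    return '<textarea name="addresses">' + "\n".join(addresses) + "</textarea>"


def render_address_list(addresses: list[str]) -> str:
    """Output encoding: every stored value is HTML-escaped at render time, so
    '<', '>' and quotes become entities and cannot break out of the textarea.
    This protects even addresses stored before input validation was added."""
    escaped = "\n".join(html.escape(a, quote=True) for a in addresses)
    return '<textarea name="addresses">' + escaped + "</textarea>"


if __name__ == "__main__":
    print("PoC accepted by validator:", is_valid_email(POC_EMAIL))
    print(render_address_list(["user@example.org", POC_EMAIL]))
```

Both layers matter: validation keeps bad data out of the list store, while escaping on output protects the admin page regardless of what is already stored.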
---------Solution----------
Available at http://evuln.com/vulns/145/solution.html
----------Credit-----------
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/xss/ - recent XSS vulnerabilities.