Eventum version 2.3.1 suffers from a stored cross site scripting vulnerability.
cb295a1e7e93f019aa19e9a36adcdb63bce4b05f67ec606e15dee157e351b661
# Exploit Title: Eventum 2.3.1 stored XSS
# Date: 19-2-2011
# Author: Saif El-Sherei
# Software Link: [download link if available]
# Version: Eventum 2.3.1
# Tested on: FF 3.0.15, IE 8
# Vendor notification: vendor notified, awaiting response
Info:
Eventum is a user-friendly and flexible issue tracking system that can be
used by a support department to track incoming technical support requests,
or by a software development team to quickly organize tasks and bugs.
Details:
The "Full-Name" variable is not properly sanitized before displayed in any
page. where an authorized user can perform this attack on other users who
has access to the system, by changing his own "full-name" in the preferences
section.
POC:
<script>alert('w00t');</script>
Regards,
Saif El-Sherei
OSCP