CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS
Product: OpenSSO Integration
Vendor: NYU
Vulnerable Versions: 2.1 and probability prior
Tested Version: 2.1
Advisory Publication: DEC 29, 2014
Latest Update: DEC 29, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7293
Risk Level: Medium
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]
http://whitehatpost.blog.163.com/blog/static/24223205420151109249850
评论