Subscribe via feed.

Mango Automation 2.6.0 Cross Site Scripting

Posted by deepcore on September 29, 2015 – 7:46 am

Mango Automation version 2.6.0 is prone to a reflected cross site scripting vulnerability due to a failure to properly sanitize user-supplied input to the ‘username’ POST parameter in the ‘login.htm’ script. Attackers can exploit this issue to execute arbitrary HTML and script code in a user’s browser session.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.


« »