XSS Vulnerability in PageCookery Microblog
Advisory by Netsparker (now Invicti)
Name: XSS Vulnerability in PageCookery Microblog
Software: PageCookery 0.9.9 and possibly below.
Vendor Homepage: http://pagecookery.com/
Vulnerability Type: Cross-site Scripting
Researcher: Omar Kurt
Advisory Reference: NS-14-026
PageCookery is the first public offering of a single-user version of the open source microblogging program. Built on a PHP + MySQL architecture, it aims for safety, efficiency and stability, and is a Web 2.0 microblogging solution built around the concepts of “share” and “discovery”.
PageCookery Microblog 0.9.9 is affected by an XSS vulnerability.
PageCookery Microblog PoC URLs are as follows:
- Cross-site Scripting
Learn more about Cross-site Scripting vulnerabilities:
29/04/2014 – First Contact
07/06/2014 – Second Contact
14/08/2014 – Advisory released
The vulnerability was discovered while testing the Invicti Web Application Security Scanner.
Invicti® can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications regardless of the platform and the technology they are built on.