Post Revolution Multiple HTML Injection and Denial of Service Vulnerabilities


Post Revolution is prone to multiple HTML-injection vulnerabilities and a denial-of-service vulnerability because the application fails to sufficiently sanitize user-supplied input.


The information has been provided by Javier Bassi.
The original article can be found at:


Vulnerable Systems:
 * Post Revolution PostRev 0.8.0c

Immune Systems:
 * Post Revolution PostRev 0.8.0c-2

An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Vendor Status:
The vendor has released an update and an advisory.

Patch Availability:

CVE Information:

Disclosure Timeline:
Initial Release: Jun 01 2011
