[sec-adv] Synkron.web Cross Site Scripting

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Fri Jun 06 2003 - 08:11:59 CDT


TITLE:
Synkron.web Cross Site Scripting

READ ONLINE:
http://www.secunia.com/advisories/8963/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Synkron.web 3.x

DESCRIPTION:
A vulnerability has been identified in Synkron.web allowing malicious
people to conduct Cross Site Scripting.

The problem is that search strings aren't properly verified. This
allows malicious people to perform trivial Cross Site Scripting, by
searching for:
"><evil_script_or_html>

SOLUTION:
Use a firewall or proxy server with URL filtering capabilities to
filter malicious characters from requests.

REPORTED BY / CREDITS:
Torben Frohn (Gyrniff)

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------
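
The following is an added example, not part of the Secunia advisory and not Synkron.web code. It assumes the search string is echoed into a quoted HTML attribute of the results page (the advisory does not show the markup; the assumption is inferred from the leading `">` in the search string) and shows how encoding the value on output keeps it inside that attribute. The template and all function names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Hypothetical results-page fragment; the real Synkron.web markup is not in the advisory.
TEMPLATE = '<form action="/search"><input type="text" name="q" value="{term}"></form>'

# Placeholder search string exactly as written in the advisory.
SAMPLE = '"><evil_script_or_html>'


def render_unescaped(term: str) -> str:
    """Behaviour the advisory describes: the search string is echoed unverified."""
    return TEMPLATE.format(term=term)


def render_escaped(term: str) -> str:
    """Hardened form: encode quotes and angle brackets before echoing."""
    return TEMPLATE.format(term=html.escape(term, quote=True))


class TagCollector(HTMLParser):
    """Records every start tag and the value attribute of the search box."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.search_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.search_value = dict(attrs).get("value")


def parse(markup: str):
    """Return (start tags seen, search box value) as an HTML parser sees them."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.search_value


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        tags, value = parse(render(SAMPLE))
        print(f"{render.__name__}: tags={tags} value={value!r}")
```

Encoding on output fixes the echo itself; the URL filtering described under SOLUTION only rejects requests before they reach the application.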