|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] MegaBook Cross-Site Scripting Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Jul 02 2003 - 08:44:08 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
MegaBook Cross-Site Scripting Vulnerabilities
READ ONLINE:
http://www.secunia.com/advisories/9159/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
MegaBook 2.x
DESCRIPTION:
Some vulnerabilities have been reported in MegaBook, which can be
exploited by malicious people to conduct Cross-Site Scripting attacks
against other users.
The vulnerabilities are caused due to missing validation of user
input. This can eg. be exploited by including script code in an entry
in the guest book, which will be executed in a user's browser
session, when a malicious post is viewed.
Successful exploitation can result in disclosure of various
information (eg. cookie-based authentication information) associated
with the site running MegaBook or inclusion of malicious content,
which the user thinks is part of the real website.
SOLUTION:
Use another product.
REPORTED BY / CREDITS:
Donnie Werner
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]