|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA11090] MyProxy Cross Site Scripting Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Mar 12 2004 - 04:12:53 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
MyProxy Cross Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA11090
VERIFY ADVISORY:
http://secunia.com/advisories/11090/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
MyProxy
DESCRIPTION:
Donato Ferrante has reported a vulnerability in MyProxy, allowing
malicious people to conduct Cross Site Scripting attacks.
The problem is that user input supplied in URLs is not properly
sanitised before being returned in error messages. This can be
exploited to inject arbitrary HTML and script code.
The vulnerability has been reported in release 20030629 and prior.
SOLUTION:
Reportedly, this will be fixed in the next release.
PROVIDED AND/OR DISCOVERED BY:
Donato Ferrante
ORIGINAL ADVISORY:
http://www.autistici.org/fdonato/advisory/MyProxy20030629-adv.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]