WebGUI User Name Script Insertion Vulnerability

Posted on Thursday, January 18, 2007 @ 08:57:01 PST in Security
by Raven

SECUNIA ADVISORY ID: SA23754

VERIFY ADVISORY: http://secunia.com/advisories/23754/

CRITICAL: Moderately critical

IMPACT: Cross Site Scripting

SOFTWARE: WebGUI 7.x - http://secunia.com/product/13252/

DESCRIPTION: A vulnerability has been reported in WebGUI, which can be exploited by malicious people to conduct script insertion attacks.
Input passed as the user name during registration is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is then executed in a user's browser session in context of an affected site when the malicious content is displayed. The vulnerability is reported in versions prior to 7.3.5 (beta).

SOLUTION: A patch is available for version 7.0 or later ( http://www.plainblack.com/uploads/LF/80/LF80YmRk89KeOTBEK1FrcA/xss-patch.txt ). The vulnerability is fixed in 7.3.5 (beta).

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.plainblack.com/bugs/tracker/security-update-cross-site-scripting-vulnerability
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 346,438,596
  • Today: 42,185
Server InfoServer Info
  • Jan 23, 2018
  • 08:07 pm PST
 
 

Daily Inspiration