Computer Security

Security Advisory: WebDirector XSS vuln.
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  PHP-Nuke (ALL versions) Multiple XSS and HTML injection

  Mambo 4.6.2 CMS - Session fixation Issue in backend Administration interface

  WikiWebWeaver 1.1 beta  Upload Shell  Vulnerability

  [Full-disclosure] *****SPAM***** New Wordpress 2.2.1 Vulnerabilities and the First Weblog XSS Worm

From:r0t <krustevs_(at)_googlemail.com>
Date:01.08.2007
Subject:WebDirector XSS vuln.

WebDirector XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 1 August 2007
vendor:www.webdirector.ru
orginal advisory:
http://pridels-team.blogspot.com/2007/08/webdirector-xss-vuln.html
affected versions:2.2 and previous
###############################################

WebDirector contains a flaw that allows a remote Cross-Site Scripting
attacks.Input passed to the "deslocal" parameter in "webdirector/index.php"
isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
 


Rating@Mail.ru