Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21450
HistoryMar 09, 2009 - 12:00 a.m.

DDIVRT-2009-21 vBook Login Application Cross-site Scripting Vulnerability

2009-03-0900:00:00
vulners.com
28
JSON

Title

DDIVRT-2009-21 vBook Login Application Cross-site Scripting Vulnerability

Severity

Low

Date Discovered

January 19th, 2009

Discovered By

Digital Defense, Inc. Vulnerability Research Team
Credit: David Marshall and r@b13$

Vulnerability Description

Alterations of the title and message parameters in vBook allow attacks to specify arbitrary web or scripting content. This allows scripting tags to be executed by the browser to perform XSS attacks. Such an attack would require convincing a user to click on a specially crafted link.

Solution Description

No patch is available at this time.

Tested Systems / Software (with versions)

Windows Server 2003, IIS vBook v 4.2.17

Vendor Contact

Vendor Name: Retrieve Technologies, Inc.
Vendor Website: http://www.retrieve.com/index.html

JSON