Bugtraq mailing list archives
VisualSentinel 0.7 Cross Agent Scripting Vulnerability
From: bugtraq () opencosmo com
Date: 31 May 2008 02:35:39 -0000
VisualSentinel 0.7 Cross Agent Scripting # Discovered by: Alfredo Panzera, Opencosmo Security # Software vendor: http://www.opencosmo.com # Date: 31-05-2008 # Vulnerability: The vulnerability consists on inject javascript code falsify the user agent's attacker during an attack and then save in the log the user agent falsified. # Vulnerable string: $user_useragent = $_SERVER ['HTTP_USER_AGENT']; # Solution: The development team has promptly issued a patch the vulnerability. You can download the latest version from the download page. http://www.opencosmo.com/product-1.html ############################################################################## Opencosmo Security http://www.opencosmo.com
Current thread:
- VisualSentinel 0.7 Cross Agent Scripting Vulnerability bugtraq (May 31)
- <Possible follow-ups>
- Re: VisualSentinel 0.7 Cross Agent Scripting Vulnerability m . morcote (May 31)