Full Disclosure mailing list archives
OXATIS 'EMSJ' Cross Site Scripting Vulnerability
From: HTTPCS <contact () httpcs com>
Date: Fri, 7 Mar 2014 23:19:41 +0100 (CET)
HTTPCS Advisory : HTTPCS125 Product : OXATIS Version : Date : 2014-03-07 Criticality level : Less Critical Description : A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'EMSJ' parameter to '/EmailPopupWnd.asp' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Page : /EmailPopupWnd.asp Variables : EMSJ=[VulnHTTPCS] Type : XSS Method : GET Solution : References : https://www.httpcs.com/en/advisory/httpcs125 Credit : HTTPCS [Web Vulnerability Scanner] _______________________________________________ https://www.httpcs.com/advisories _______________________________________________ Twitter : http://twitter.com/HTTPCS_ Free web vulnerability scanner HTTPCS : https://www.httpcs.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- OXATIS 'EMSJ' Cross Site Scripting Vulnerability HTTPCS (Mar 10)