Bug: XSS in AstroCam ( Ascii Version )

Search:
WLB2

XSS in AstroCam

Published
Credit
Risk
2008.05.06
Steffen Wendzel
Low
CWE
CVE
Local
Remote
CWE-79
CVE-2008-2075
Yes
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

XSS in AstroCam 2.5.x/2.6.x/2.7.[123]
-------------------------------------

Software: AstroCam
Vulnerable: 2.5.0-2.7.3
Not vulnerable: 2.7.4
Class: Input Validation Error
Remote: Yes
Local: Yes
Credit: This issue was announced by the vendor.
Anouncement: http://wendzel.de/?sub=showpost&blogid=5&postid=56
Project URL: http://wendzel.de/?sub=softw&ssub=acam

Description:

It was possibly to execute HTML embedded script code
in pic.php.

Patch/URL can be found here:
http://sourceforge.net/project/showfiles.php?group_id=85523

regards
Steffen Wendzel

--
http://www.wendzel.de/?sub=steffen

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version