OXATIS 2017 Cross Site Scripting

2017.04.25
Credit: HTTPCS
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Dear Sir or Madam, A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'EMail' parameter to '/PBSubscribe.asp' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. HTTPCS Advisory : HTTPCS159 Product : OXATIS Version : 2017 Page : /PBSubscribe.asp Variables : newsradio=1&EMail=[VulnHTTPCS] Type : XSS Method : GET Description : A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'EMail' parameter to '/PBSubscribe.asp' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. References : <https://www.httpcs.com/advisory/httpcs159> https://www.httpcs.com/advisory/httpcs159 Credit : HTTPCS [Web Vulnerability Scanner] ------------------------------------------------------ *For your security no information will be communicated before the update. ------------------------------------------------------ Cordialement,


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top