OpenConf Paper Submission HTML Injection Vulnerability

Bugtraq ID:	12554
Class:	Input Validation Error
CVE:	CVE-2005-0407
Remote:	Yes
Local:	No
Published:	Feb 15 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	Discovered by RedTeam.
Vulnerable:	OpenConf OpenConf 1.0 4
Not Vulnerable:	OpenConf OpenConf 1.10

OpenConf Paper Submission HTML Injection Vulnerability

OpenConf is prone to an HTML injection vulnerability. This is due to insufficient validation of data supplied through paper submissions within the OpenConf system.

This may permit an attacker to inject hostile HTML and script code into the session of a user who is reviewing the submitted paper. Theft of cookie-based credentials is possible in addition to other attacks.

OpenConf Paper Submission HTML Injection Vulnerability

There is no exploit required.

OpenConf Paper Submission HTML Injection Vulnerability

Solution:
This issue has been addressed in OpenConf 1.10.


OpenConf OpenConf 1.0 4

• OpenConf OpenConf 1.10
  http://www.zakongroup.com/technology/openconf-download.php

OpenConf Paper Submission HTML Injection Vulnerability

References:

• Cross Site Scripting Vulnerability in Openconf Conference Management Software (RedTeam)
  
• OpenConf Homepage (OpenConf)