InterSpire ArticleLive NewComment Cross-Site Scripting Vulnerability
BID:12879
Info
| Bugtraq ID: | 12879 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0881 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery of this vulnerability is credited to mircia mircia <[email protected]>. |
| Vulnerable: | Interspire ArticleLive 2005 |
| Not Vulnerable: | |
Discussion
Interspire ArticleLive 2005 is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Exploit / POC
No exploit is required.
The following proof of concept is available:
http://www.example.com/articles/newcomment?ArticleId="><script>alert('hi')</script>
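One way to look for this request pattern in web-server access logs, as an added example that is not part of the original advisory. It assumes `ArticleId` is normally a numeric identifier and that the server writes combined-format access logs; the log lines and the `suspicious_requests` helper are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not real traffic). Addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [23/Mar/2005:10:01:02 +0000] "GET /articles/newcomment?ArticleId=42 HTTP/1.1" 200 5120
203.0.113.9 - - [23/Mar/2005:10:02:10 +0000] "GET /articles/newcomment?ArticleId=%22%3E%3Cscript%3Ealert('hi')%3C/script%3E HTTP/1.1" 200 5301
198.51.100.7 - - [23/Mar/2005:10:02:44 +0000] "GET /articles/newcomment?ArticleId=7&ArticleId=12abc HTTP/1.1" 200 5188
198.51.100.7 - - [23/Mar/2005:10:03:00 +0000] "GET /articles/view?ArticleId=abc HTTP/1.1" 404 310
"""

# Request line inside the quoted field of a combined-format log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate ArticleId is a plain ASCII integer.
NUMERIC_RE = re.compile(r"[0-9]+")


def suspicious_requests(log_text, path="/articles/newcomment", param="ArticleId"):
    """Return (client_ip, bad_values) for requests to `path` whose `param`
    carries anything other than digits after URL decoding."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.rstrip("/") != path:
            continue
        # parse_qs percent-decodes values and keeps every occurrence of a
        # repeated parameter, so a benign first value cannot hide a later one.
        values = parse_qs(url.query).get(param, [])
        bad = [v for v in values if not NUMERIC_RE.fullmatch(v)]
        if bad:
            hits.append((line.split()[0], bad))
    return hits


if __name__ == "__main__":
    for client, values in suspicious_requests(SAMPLE_LOG):
        print(client, values)
```
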
Solution / Fix
Solution:
The vendor has addressed this issue in the latest release of the software.
Interspire ArticleLive 2005
- Interspire ArticleLive 2005.0.5
  http://www.interspire.com/articlelive/
References
References:
- ArticleLive Homepage (Interspire)
- Interspire ArticleLive 2005 (php version) is vulnerable to XSS (mircia)