Uapplication Ublog Cross-Site Scripting Vulnerability

Bugtraq ID:	12931
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 29 2005 12:00AM
Updated:	Mar 29 2005 12:00AM
Credit:	Discovery is credited to PersianHacker Team <[email protected]>.
Vulnerable:	Uapplication Ublog 1.0.4 Uapplication Ublog 1.0.3 Uapplication Ublog 1.0
Not Vulnerable:

Uapplication Ublog Cross-Site Scripting Vulnerability

Ublog is affected by a cross-site scripting vulnerability.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Ublog 1.0.4 and prior versions are reportedly affected by this issue.

Uapplication Ublog Cross-Site Scripting Vulnerability

No exploit is required.

The following proof of concept URI is available:
http://www.example.com/login.asp?msg=<script>alert(XSS)</script>

Uapplication Ublog Cross-Site Scripting Vulnerability

Solution:
It is reported that Ublog 1.0.5 is not affected by this issue. This information is not confirmed at the moment. Please contact the vendor for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Uapplication Ublog Cross-Site Scripting Vulnerability

References:

• Uapplication Home Page (Uapplication)
  
• [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerbilitie (PersianHacker Team )