WebWasher Conf Script Cross-Site Scripting Vulnerability
BID:13037
Info
| Bugtraq ID: | 13037 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 06 2005 12:00AM |
| Updated: | Apr 06 2005 12:00AM |
| Credit: | This vulnerability was discovered by 'Oliver Karow' <[email protected]>. |
| Vulnerable: | WebWasher WebWasher CSM 4.4.1 Build 752 |
| Not Vulnerable: | WebWasher WebWasher CSM 4.4.1 Build 1613 |
Discussion
It is reported that the WebWasher 'conf' script is prone to a cross-site scripting vulnerability.
A remote attacker may exploit this issue to have arbitrary script and HTML code executed in the browser of a target user. Code execution would occur in the context of the vulnerable Website. Because of this, malicious script code may access authentication cookies and other data that are associated with the domain.
WebWasher CSM 4.4.1 (Build 752) is reported to be prone to this issue; other versions might also be affected.
Exploit / POC
The following example is available:
http://www.example.com:9090/conf?navTo1=Rep&navTo2=Dean"><script>alert("Welcome%20to%20Webwasher");alert("Script%20Code%20will%20be%20executed")</script>on&userId=default&foo=1549218
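The check below is an added example, not part of the original advisory or of WebWasher's code: it scans request logs for 'conf' requests whose query parameters, once percent-decoded, carry the markup-breaking characters seen in the navTo2 value above. The log layout (client, method, request-target, status) and the sample lines are constructed, and checking every parameter rather than only navTo2 is a generalization.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Characters that let a reflected value break out of an HTML attribute or tag,
# as the navTo2 value in the advisory's example URL does.
BREAKOUT = re.compile(r'[<>"\']')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <), bounded."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_conf_request(target):
    """Return [(param, decoded_value)] for /conf parameters carrying markup."""
    parts = urlsplit(target)
    if parts.path != "/conf":
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(value)  # parse_qsl has already decoded once
        if BREAKOUT.search(value):
            hits.append((name, value))
    return hits

def scan(log_lines):
    """Yield (client, hits); assumed fields: client method target status."""
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        hits = flag_conf_request(fields[2])
        if hits:
            yield fields[0], hits

# Constructed sample lines, not taken from a real proxy log.
SAMPLE = [
    "10.0.0.5 GET /conf?navTo1=Rep&navTo2=Deanon&userId=default&foo=1549218 200",
    "10.0.0.9 GET /conf?navTo1=Rep&navTo2=Dean%22%3E%3Cscript%3Ealert(1)%3C/script%3Eon&userId=default 200",
    "10.0.0.9 GET /conf?navTo1=Rep&navTo2=Dean%2522%253E%253Cb%253E 200",
    "10.0.0.7 GET /index.html?q=%3Cb%3E 200",
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE):
        print(client, hits)
```

A hit means only that markup characters were sent to the script; whether they were reflected unescaped depends on the installed build.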
Solution / Fix
Solution:
It is reported that the vendor has addressed this issue in Webwasher CSM 4.4.1 (build 1613). This is not confirmed.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Webwasher Classic Product Homepage (Webwasher)