Survivor Unspecified Cross-Site Scripting Vulnerability
BID:13415
Info
Survivor Unspecified Cross-Site Scripting Vulnerability
| Bugtraq ID: | 13415 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1388 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 28 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Announced by the vendor. |
| Vulnerable: |
Survivor Survivor 0.9.5 a |
| Not Vulnerable: |
Survivor Survivor 0.9.6 |
Discussion
Survivor Unspecified Cross-Site Scripting Vulnerability
Survivor is prone to an unspecified cross-site scripting vulnerability. This issue may allow for theft of cookie-based authentication credentials or other attacks.
Survivor is prone to an unspecified cross-site scripting vulnerability. This issue may allow for theft of cookie-based authentication credentials or other attacks.
Exploit / POC
Survivor Unspecified Cross-Site Scripting Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Survivor Unspecified Cross-Site Scripting Vulnerability
Solution:
An upgrade is available:
Survivor Survivor 0.9.5 a
Solution:
An upgrade is available:
Survivor Survivor 0.9.5 a
-
Survivor survivor-0.9.6.tar.gz
http://www.columbia.edu/acis/dev/projects/survivor/dl/survivor-0.9.6.t ar.gz
References
Survivor Unspecified Cross-Site Scripting Vulnerability
References:
References:
- Change Log (Survivor)
- Home Page (Survivor)