Positive Software Corporation SiteStudio HTML Injection Vulnerability
BID:13554
Info
Positive Software Corporation SiteStudio HTML Injection Vulnerability
| Bugtraq ID: | 13554 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2005 12:00AM |
| Updated: | May 09 2005 12:00AM |
| Credit: | Discovery is credited to Donnie Werner. |
| Vulnerable: |
Positive Software Corporation SiteStudio 1.6 Patch 1 Positive Software Corporation SiteStudio 1.6 Final |
| Not Vulnerable: | |
Discussion
Positive Software Corporation SiteStudio HTML Injection Vulnerability
SiteStudio is prone to an HTML injection vulnerability.
Attacker-supplied HTML and script code may be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
SiteStudio is prone to an HTML injection vulnerability.
Attacker-supplied HTML and script code may be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
Exploit / POC
Positive Software Corporation SiteStudio HTML Injection Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Positive Software Corporation SiteStudio HTML Injection Vulnerability
Solution:
Patches for SiteStudio 1.6 Final and 1.6 Patch 1 have been released. Please see the following site for more information:
http://www.psoft.net/SS/ss_16_security_update_guestbook.html
Solution:
Patches for SiteStudio 1.6 Final and 1.6 Patch 1 have been released. Please see the following site for more information:
http://www.psoft.net/SS/ss_16_security_update_guestbook.html
References
Positive Software Corporation SiteStudio HTML Injection Vulnerability
References:
References:
- SiteStudio (Positive Software Corporation)