Pubcookies Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	17221
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 24 2006 12:00AM
Updated:	Mar 24 2006 11:24PM
Credit:	[email protected] is credited with the discovery of this vulnerability.
Vulnerable:	University of Washington Pubcookie 3.3 University of Washington Pubcookie 3.2.1 University of Washington Pubcookie 3.2 University of Washington Pubcookie 3.1.1 University of Washington Pubcookie 3.1 University of Washington Pubcookie 3.0 University of Washington Pubcookie 1.0 University of Washington Pubcookie 3.2.1a
Not Vulnerable:	University of Washington Pubcookie 3.3.0a University of Washington Pubcookie 3.2.1b

Pubcookies Multiple Cross-Site Scripting Vulnerabilities

Pubcookies is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues were addressed in Pubcookie 3.3.0a and 3.2.1b.

Pubcookies Multiple Cross-Site Scripting Vulnerabilities


These issues could be exploited with a web browser.

Pubcookies Multiple Cross-Site Scripting Vulnerabilities

Solution:

Fixes are available:


University of Washington Pubcookie 3.2.1a

• University of Washington pubcookie-3.2.1b.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz


• University of Washington Pubcookie-3.3.0a.msi
  Windows
  http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi


• University of Washington pubcookie-3.3.0a.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 1.0

• University of Washington pubcookie-3.2.1b.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz


• University of Washington Pubcookie-3.3.0a.msi
  Windows
  http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi


• University of Washington pubcookie-3.3.0a.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 3.0

• University of Washington pubcookie-3.2.1b.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz


• University of Washington Pubcookie-3.3.0a.msi
  Windows
  http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi


• University of Washington pubcookie-3.3.0a.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 3.1

• University of Washington pubcookie-3.2.1b.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz


• University of Washington Pubcookie-3.3.0a.msi
  Windows
  http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi


• University of Washington pubcookie-3.3.0a.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 3.1.1

• University of Washington pubcookie-3.2.1b.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz


• University of Washington Pubcookie-3.3.0a.msi
  Windows
  http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi


• University of Washington pubcookie-3.3.0a.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 3.2

• University of Washington pubcookie-3.2.1b.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz


• University of Washington Pubcookie-3.3.0a.msi
  Windows
  http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi


• University of Washington pubcookie-3.3.0a.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 3.2.1

• University of Washington pubcookie-3.2.1b.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.2.1b.tar.gz


• University of Washington Pubcookie-3.3.0a.msi
  Windows
  http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi


• University of Washington pubcookie-3.3.0a.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

University of Washington Pubcookie 3.3

• University of Washington Pubcookie-3.3.0a.msi
  Windows
  http://pubcookie.org/downloads/Pubcookie-3.3.0a.msi


• University of Washington pubcookie-3.3.0a.tar.gz
  Unix
  http://pubcookie.org/downloads/pubcookie-3.3.0a.tar.gz

Pubcookies Multiple Cross-Site Scripting Vulnerabilities

References:

• Pubcookie Home (Pubcookie)
  
• Vulnerability Note VU#314540 (CERT)
  
• Vulnerability Note VU#337585 (CERT)
  
• XSS Vulnerability in Pubcookie App Server Modules (Pubcookie)
  
• XSS Vulnerability in Pubcookie Login Server (Pubcookie)