Esqlanelapse Unspecified Cross-Site Scripting Vulnerability
BID:17331
Info
| Bugtraq ID: | 17331 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 31 2006 12:00AM |
| Updated: | Apr 01 2006 12:03AM |
| Credit: | The vendor disclosed this vulnerability. |
| Vulnerable: | Esqlanelapse Esqlanelapse 2.2; Esqlanelapse Esqlanelapse 2.0 |
| Not Vulnerable: | Esqlanelapse Esqlanelapse 2.5 |
Discussion
Esqlanelapse is prone to an unspecified cross-site scripting vulnerability. This is due to a lack of proper sanitization of user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Esqlanelapse 2.0 and 2.2 are vulnerable to this issue.
Exploit / POC
This issue could be exploited with a web client.
Solution / Fix
Solution:
The vendor has released version 2.5 to address this issue.
References
References:
- Esqlanelapse Home Page (Esqlanelapse)
- Release Name: Esqlanelapse 2.5 (Esqlanelapse)