Vacation Rental Script Index.PHP Cross-Site Scripting Vulnerability

Bugtraq ID:	18134
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 29 2006 12:00AM
Updated:	Jun 16 2006 05:31PM
Credit:	luny is credited with the discovery of this vulnerability.
Vulnerable:	vacationrentalscript.com Vacation Rentals Script 1.0
Not Vulnerable:	vacationrentalscript.com Vacation Rentals Script 1.1

Vacation Rental Script Index.PHP Cross-Site Scripting Vulnerability

Vacation Rental Script is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Vacation Rental Script Index.PHP Cross-Site Scripting Vulnerability

This issue can be exploited through a web client.

Vacation Rental Script Index.PHP Cross-Site Scripting Vulnerability

Solution:
The vendor has released version 1.1 to address this issue. Contact the vendor for details on obtaining the appropriate updates.mailto:[email protected]

Vacation Rental Script Index.PHP Cross-Site Scripting Vulnerability

References:

• Vacation Rental Script Web Site (vacationrentalscript.com)