OSADS Alliance Database Board Comment HTML Injection Vulnerability
BID:18280
CVE-2006-2874 |Info
OSADS Alliance Database Board Comment HTML Injection Vulnerability
| Bugtraq ID: | 18280 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 05 2006 12:00AM |
| Updated: | Jun 05 2006 10:47PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
OSADS Alliance Database OSADS Alliance Database 1.3 OSADS Alliance Database OSADS Alliance Database 1.2 OSADS Alliance Database OSADS Alliance Database 1.1 |
| Not Vulnerable: |
OSADS Alliance Database OSADS Alliance Database 1.4 |
Discussion
OSADS Alliance Database Board Comment HTML Injection Vulnerability
OSADS Alliance Database is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
OSADS Alliance Database is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Exploit / POC
OSADS Alliance Database Board Comment HTML Injection Vulnerability
This issue can be exploited through a web client.
This issue can be exploited through a web client.
Solution / Fix
OSADS Alliance Database Board Comment HTML Injection Vulnerability
Solution:
The vendor has released version 1.4 to address this issue.
OSADS Alliance Database OSADS Alliance Database 1.1
OSADS Alliance Database OSADS Alliance Database 1.3
OSADS Alliance Database OSADS Alliance Database 1.2
Solution:
The vendor has released version 1.4 to address this issue.
OSADS Alliance Database OSADS Alliance Database 1.1
-
OSADS Alliance Database OSADS-v1.4.zip
http://prdownloads.sourceforge.net/osads/OSADS-v1.4.zip?download`````
OSADS Alliance Database OSADS Alliance Database 1.3
-
OSADS Alliance Database OSADS-v1.4.zip
http://prdownloads.sourceforge.net/osads/OSADS-v1.4.zip?download`````
OSADS Alliance Database OSADS Alliance Database 1.2
-
OSADS Alliance Database OSADS-v1.4.zip
http://prdownloads.sourceforge.net/osads/OSADS-v1.4.zip?download`````
References
OSADS Alliance Database Board Comment HTML Injection Vulnerability
References:
References:
- OSADS Alliance Database Home Page (OSADS Alliance Database)
- Release Name: OSADS 1.4 (OSADS Alliance Database)