KnowledgeTree Open Source Cross-site Scripting Vulnerability
BID:18324
CVE-2006-2885 |Info
KnowledgeTree Open Source Cross-site Scripting Vulnerability
| Bugtraq ID: | 18324 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 06 2006 12:00AM |
| Updated: | Jun 08 2006 04:06PM |
| Credit: | R0t is credited with discovering this vulnerability. |
| Vulnerable: |
Jam Warehouse KnowledgeTree Open Source 3.0.3 |
| Not Vulnerable: | |
Discussion
KnowledgeTree Open Source Cross-site Scripting Vulnerability
KnowledgeTree Open Source is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize input before displaying it to users of the application.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
KnowledgeTree Open Source is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize input before displaying it to users of the application.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
KnowledgeTree Open Source Cross-site Scripting Vulnerability
Attackers can exploit this issue by enticing a user into following a malicious link.
Attackers can exploit this issue by enticing a user into following a malicious link.
Solution / Fix
KnowledgeTree Open Source Cross-site Scripting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]