Open Business Management Multiple Cross-Site Scripting Vulnerabilities
BID:18348
CVE-2006-3009 | CVE-2006-3010 |Info
Open Business Management Multiple Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 18348 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 07 2006 12:00AM |
| Updated: | Jun 12 2006 08:56PM |
| Credit: | r0t is credited with discovering these vulnerabilities. |
| Vulnerable: |
Aliacom Open Business Management 1.0.3 pl1 |
| Not Vulnerable: | |
Discussion
Open Business Management Multiple Cross-Site Scripting Vulnerabilities
Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user.
An attacker could exploit this vulnerability to inject hostile HTML and script code into the browser session of other users of the application.
Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user.
An attacker could exploit this vulnerability to inject hostile HTML and script code into the browser session of other users of the application.
Exploit / POC
Open Business Management Multiple Cross-Site Scripting Vulnerabilities
Attackers can exploit this issue by enticing a user to follow a malicious link.
The following proof-of-concept URIs are available:
Attackers can exploit this issue by enticing a user to follow a malicious link.
The following proof-of-concept URIs are available:
Solution / Fix
Open Business Management Multiple Cross-Site Scripting Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Open Business Management Multiple Cross-Site Scripting Vulnerabilities
References:
References:
- OBM Multiple SQL Inj and XSS vuln (r0t)
- Open Business Management (Aliacom)