IPManager Index.PHP Cross-Site Scripting Vulnerability
BID:20952
Info
IPManager Index.PHP Cross-Site Scripting Vulnerability
| Bugtraq ID: | 20952 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2006 12:00AM |
| Updated: | Dec 18 2006 03:48PM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: |
EfficientIP IpManager 2.3 |
| Not Vulnerable: |
EfficientIP IpManager 2.5.6 |
Discussion
IPManager Index.PHP Cross-Site Scripting Vulnerability
IpManager is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
IpManager is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
IPManager Index.PHP Cross-Site Scripting Vulnerability
An attacker can exploit this issue with a web client.
The following proof-of-concept URI is available:
An attacker can exploit this issue with a web client.
The following proof-of-concept URI is available:
Solution / Fix
IPManager Index.PHP Cross-Site Scripting Vulnerability
Solution:
The vendor has released version 2.5.6 of IpManager to address this issue. Users of affected packages should contact the vendor for information on obtaining and applying the fix.
Solution:
The vendor has released version 2.5.6 of IpManager to address this issue. Users of affected packages should contact the vendor for information on obtaining and applying the fix.