Biba Selenium Web Server Multiple Vulnerabilities
BID:21100
Info
| Bugtraq ID: | 21100 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 15 2006 12:00AM |
| Updated: | Nov 20 2006 07:05PM |
| Credit: | Greg Linares is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Biba Software Selenium Web Server 1.0 |
| Not Vulnerable: | |
Discussion
Biba Selenium Web Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may lead to other attacks.
Exploit / POC
Attackers can exploit these issues via a web client.
The following proof-of-concept URI is available:
http://www.example.com/%3Cscript%3Ealert('CSS_Vulnerable')%3C/script%3E
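As an added example (not part of the original advisory), the Python below shows how a defender could flag requests shaped like the proof-of-concept URI in web server access logs. The Common Log Format lines are constructed sample data, the function names are hypothetical, and the repeated percent-decoding step goes beyond the single-encoded URI shown above.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines in Common Log Format (sample data, not from the advisory).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Nov/2006:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.11 - - [15/Nov/2006:10:00:05 +0000] "GET /%3Cscript%3Ealert('CSS_Vulnerable')%3C/script%3E HTTP/1.1" 404 230
192.0.2.12 - - [15/Nov/2006:10:00:09 +0000] "GET /docs/a%20b.html HTTP/1.1" 200 1024
192.0.2.13 - - [15/Nov/2006:10:00:12 +0000] "GET /%253Cscript%253Ealert('CSS_Vulnerable')%253C/script%253E HTTP/1.1" 404 230
"""

# Request line inside the quoted field: METHOD, request target, protocol version.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Angle brackets have no place in a decoded request target for static content.
MARKUP_RE = re.compile(r"[<>]")


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text):
    """Return (line_number, decoded_target) for requests whose target carries markup."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        decoded = fully_decode(match.group("target"))
        if MARKUP_RE.search(decoded):
            hits.append((number, decoded))
    return hits


if __name__ == "__main__":
    for number, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: markup in request target: {target}")
```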
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].