Chama Cargo Unspecified Cross-Site Scripting Vulnerability
BID:21361
Info
Chama Cargo Unspecified Cross-Site Scripting Vulnerability
| Bugtraq ID: | 21361 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 30 2006 12:00AM |
| Updated: | Nov 30 2006 08:24PM |
| Credit: | JVN is credited with the discovery of this vulnerability. |
| Vulnerable: |
Chama Cargo Chama Cargo 4.36 |
| Not Vulnerable: |
Chama Cargo Chama Cargo 4.37 |
Discussion
Chama Cargo Unspecified Cross-Site Scripting Vulnerability
Chama Cargo is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to 4.37 are vulnerable to this issue.
Chama Cargo is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to 4.37 are vulnerable to this issue.
Exploit / POC
Chama Cargo Unspecified Cross-Site Scripting Vulnerability
An attacker can trigger this vulnerability by enticing a victim user to follow a malicious URI.
An attacker can trigger this vulnerability by enticing a victim user to follow a malicious URI.
Solution / Fix
Chama Cargo Unspecified Cross-Site Scripting Vulnerability
Solution:
The vendor has released an update to address this issue.
Upgrade to Chama Cargo version 4.37:
http://www.chama.ne.jp/cargo.htmhttp://www.chama.ne.jp/cargo.htm
Solution:
The vendor has released an update to address this issue.
Upgrade to Chama Cargo version 4.37:
http://www.chama.ne.jp/cargo.htmhttp://www.chama.ne.jp/cargo.htm
References
Chama Cargo Unspecified Cross-Site Scripting Vulnerability
References:
References:
- Vendor Home Page (Chama Cargo)