BlueSocket BSC 2100 Admin.PL Cross-Site Scripting Vulnerability
Info
| Bugtraq ID: | 21419 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 04 2006 12:00AM |
| Updated: | Dec 04 2006 09:54PM |
| Credit: | Jesus Olmos Gonzalez is credited with the discovery of this vulnerability. |
| Vulnerable: | BlueSocket BSC 2100 5.1; BlueSocket BSC 2100 5.0 |
| Not Vulnerable: | BlueSocket BSC 2100 5.2 |
Discussion
BlueSocket BSC 2100 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects versions prior to 5.2 and versions without the 5.1.1-BluePatch fix.
Exploit / POC
Attackers can exploit this issue by enticing an unsuspecting victim into following a malicious URI.
The following proof-of-concept URI is available:
Solution / Fix
Solution:
The vendor has released BluePatch V6 for version 5.1.1.1; please contact the vendor for information on how to obtain and apply this update.
References
- BlueSocket BSC 2100 Web Site (BlueSocket)
- [ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS (ISecAuditors Security Advisories)