BID:21472

ScriptMate User Manager Default.ASP Multiple HTML Injection Vulnerabilities

Info

ScriptMate User Manager Default.ASP Multiple HTML Injection Vulnerabilities

Bugtraq ID:	21472
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 14 2006 12:00AM
Updated:	Dec 14 2006 12:00AM
Credit:	Q x <[email protected]> is credited with the discovery of this vulnerability.
Vulnerable:	ScriptMate User Manager 2.1

Not Vulnerable:

Discussion

ScriptMate User Manager Default.ASP Multiple HTML Injection Vulnerabilities

ScriptMate User Manager is prone to multiple HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the context of the affected site.

Version 2.1 is affected by these issues; other versions may also be affected.

Exploit / POC

ScriptMate User Manager Default.ASP Multiple HTML Injection Vulnerabilities

An attacker can exploit these issues via a web client.

Solution / Fix

ScriptMate User Manager Default.ASP Multiple HTML Injection Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

References

ScriptMate User Manager Default.ASP Multiple HTML Injection Vulnerabilities

References:

ScriptMate User Manager Multiple HTML Injection Vulnerabilities (Hackerscenter)
Vendor Home Page (ScriptMate)