Flip Multiple Cross-Site Scripting Vulnerabilities
BID:22251
Info
Flip Multiple Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 22251 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 26 2007 12:00AM |
| Updated: | Jan 26 2007 08:19PM |
| Credit: | The vendor reported these issues. |
| Vulnerable: |
FLIP FLIP 1.0-RC1 |
| Not Vulnerable: |
FLIP FLIP 1.0-RC2 |
Discussion
Flip Multiple Cross-Site Scripting Vulnerabilities
FLIP is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect versions prior to 1.0-RC2.
FLIP is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect versions prior to 1.0-RC2.
Exploit / POC
Flip Multiple Cross-Site Scripting Vulnerabilities
An attacker can trigger these vulnerabilities by enticing a victim user to follow a malicious URI.
An attacker can trigger these vulnerabilities by enticing a victim user to follow a malicious URI.
Solution / Fix
Flip Multiple Cross-Site Scripting Vulnerabilities
Solution:
The vendor relased an update to address these issues. Please see the references for more information.
Solution:
The vendor relased an update to address these issues. Please see the references for more information.
References
Flip Multiple Cross-Site Scripting Vulnerabilities
References:
References:
- FLIP 1.0-RC2 Release Notes (FLIP )
- FLIP Homepage (FLIP )