HTTP Commander Multiple Cross-Site Scripting Vulnerabilities
BID:22298
Info
HTTP Commander Multiple Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 22298 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-0583 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 29 2007 12:00AM |
| Updated: | May 12 2015 07:35PM |
| Credit: | Yogesh Kulkarni and an anonymous person are credited with the discovery of these vulnerabilities. |
| Vulnerable: |
HTTP Commander HTTP Commander 6.0 |
| Not Vulnerable: | |
Discussion
HTTP Commander Multiple Cross-Site Scripting Vulnerabilities
HTTP Commander is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
HTTP Commander is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
HTTP Commander Multiple Cross-Site Scripting Vulnerabilities
An attacker can trigger these vulnerabilities by enticing a victim user to follow a malicious URI.
An attacker can trigger these vulnerabilities by enticing a victim user to follow a malicious URI.
Solution / Fix
References
HTTP Commander Multiple Cross-Site Scripting Vulnerabilities
References:
References:
- HTTP Commander Homepage (HTTP Commander )