Overlay Weaver Unspecified Cross-Site Scripting Vulnerability

Bugtraq ID:	23195
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 29 2007 12:00AM
Updated:	Mar 29 2007 05:43PM
Credit:	Yoshiyuki Sukedai is credited with the discovery of this vulnerability.
Vulnerable:	Overlay Weaver Overlay Weaver 0.5.11 Overlay Weaver Overlay Weaver 0.5.10 Overlay Weaver Overlay Weaver 0.5.9
Not Vulnerable:	Overlay Weaver Overlay Weaver 0.6

Overlay Weaver Unspecified Cross-Site Scripting Vulnerability

Overlay Weaver is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions 0.5.9 to 0.5.11.

Overlay Weaver Unspecified Cross-Site Scripting Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.

Overlay Weaver Unspecified Cross-Site Scripting Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.

Overlay Weaver Unspecified Cross-Site Scripting Vulnerability

References:

• Overlay Weaver Homepage (Overlay Weaver )
  
• Cross-site scripting vulnerability in DHT shell of Overlay Weaver (Overlay Weaver)