Open-Gorotto Multiple Unspecified HTML-injection Vulnerabilities
BID:23507
Info
| Bugtraq ID: | 23507 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 16 2007 12:00AM |
| Updated: | Apr 16 2007 10:41PM |
| Credit: | Fukumori is credited with the discovery of these vulnerabilities. |
| Vulnerable: | open-gorotto open-gorotto 2.0a |
| Not Vulnerable: | |
Discussion
Open-gorotto is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before displaying it in dynamically generated content.
An attacker could exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Open-gorotto 2.0a and prior versions are vulnerable to these issues.
Exploit / POC
Attackers can use a browser to exploit these issues.
Solution / Fix
Solution:
The vendor has released a security patch to address these issues. Please see the references for more information.
open-gorotto open-gorotto 2.0a
- open-gorotto openg_patch_20070416.tar.gz: http://release.open-gorotto.jp/openg_patch_20070416.tar.gz
References
- open-gorotto Security Patch 20070416 (open-gorotto)
- open-gorotto Web Site (open-gorotto)