Digirez Multiple Cross Site Scripting Vulnerabilities

Bugtraq ID:	24157
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 25 2007 12:00AM
Updated:	May 25 2007 10:01PM
Credit:	Linux_Drox is credited with the discovery of these vulnerabilities.
Vulnerable:	Digiappz Digirez 3.4
Not Vulnerable:

Digirez Multiple Cross Site Scripting Vulnerabilities

Digirez is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

Digirez 3.4 is vulnerable to these issues.

Digirez Multiple Cross Site Scripting Vulnerabilities

Attackers can use a browser to exploit these issues.

Example URIs are available:

• /data/vulnerabilities/exploits/24157.html

Digirez Multiple Cross Site Scripting Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Digirez Multiple Cross Site Scripting Vulnerabilities

References:

• DigiRez Web Site (Digiappz)
  
• Multiple XSS in Digirez ([email protected])