Aigaion Multiple HTML-injection Vulnerabilities
BID:24264
Info
| Bugtraq ID: | 24264 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-3078 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 01 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | ephemeral_sta is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Aigaion Web based bibliography management system 1.2.1; Aigaion Web based bibliography management system 1.3 |
| Not Vulnerable: | Aigaion Web based bibliography management system 1.3.3 |
Discussion
Aigaion is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before displaying it in dynamically generated content.
An attacker could exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions of Aigaion prior to 1.3.3 are vulnerable to these issues.
Exploit / POC
Attackers can use a browser to exploit these issues.
Solution / Fix
Solution:
The vendor has released a security patch to address these issues. Please see the references for more information.
References
References:
- Aigaion Web Site (Aigaion)
- [ 1725317 ] XSS vulnerabilities (Aigaion)