Meneame Multiple Unspecified Cross Site Scripting Vulnerabilities
BID:24290
Info
Meneame Multiple Unspecified Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 24290 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-3042 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 04 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | JPCERT is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Menéame Menéame V1 |
| Not Vulnerable: |
Menéame Menéame V2 |
Discussion
Meneame Multiple Unspecified Cross Site Scripting Vulnerabilities
Menéame is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Menéame 2 are vulnerable.
Menéame is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Menéame 2 are vulnerable.
Exploit / POC
Meneame Multiple Unspecified Cross Site Scripting Vulnerabilities
Attackers can use a browser to exploit these issues.
Attackers can use a browser to exploit these issues.
Solution / Fix
Meneame Multiple Unspecified Cross Site Scripting Vulnerabilities
Solution:
The vendor has released a fix to address these issues. Please see the vendor reference for details.
Menéame Menéame V1
Solution:
The vendor has released a fix to address these issues. Please see the vendor reference for details.
Menéame Menéame V1
-
Menéame version2.tar.gz
http://svn.meneame.net/index.cgi/branches/version2.tar.gz
References
Meneame Multiple Unspecified Cross Site Scripting Vulnerabilities
References:
References:
- Menéame Web Site (Menéame)