ADPLAN SEO Unspecified Cross Site Scripting Vulnerability
BID:24356
Info
ADPLAN SEO Unspecified Cross Site Scripting Vulnerability
| Bugtraq ID: | 24356 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-3117 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 07 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | Mitsui is credited with the discovery of this vulnerability. |
| Vulnerable: |
ADPLAN SEO 3.0 |
| Not Vulnerable: |
ADPLAN SEO 4.0 |
Discussion
ADPLAN SEO Unspecified Cross Site Scripting Vulnerability
ADPLAN SEO is prone to an unspecified cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.
Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.
ADPLAN SEO 3 is vulnerable to this issue; other versions may also be affected.
ADPLAN SEO is prone to an unspecified cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.
Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.
ADPLAN SEO 3 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
ADPLAN SEO Unspecified Cross Site Scripting Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
ADPLAN SEO Unspecified Cross Site Scripting Vulnerability
Solution:
The vendor has released an updated version that addresses this vulnerability. Please see the references for more information.
Solution:
The vendor has released an updated version that addresses this vulnerability. Please see the references for more information.
References
ADPLAN SEO Unspecified Cross Site Scripting Vulnerability
References:
References:
- JVN#23891849 (JVN)
- Vendor Homepage (ADPLAN)