Interact Online Learning Environment Multiple Unspecified Cross-Site Scripting Vulnerabilities
BID:25173
Info
| Bugtraq ID: | 25173 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4177 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 30 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | The vendor reported these issues. |
| Vulnerable: | Interact Learning Community Environment Interact Online Learning Environment 2.3 |
| Not Vulnerable: | Interact Learning Community Environment Interact Online Learning Environment 2.4 |
Discussion
Interact Online Learning Environment is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Interact Online Learning Environment 2.4 are vulnerable.
Exploit / POC
An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
The vendor has released Interact Online Learning Environment 2.4 to address these issues. Please see the vendor references for more information.
Interact Learning Community Environment Interact Online Learning Environment 2.3
- Interact Learning Community Environment interact-2.4
  http://sourceforge.net/project/showfiles.php?group_id=69681&package_id=68702&release_id=528858
References
References:
- Interact Online Learning Environment Homepage (Interact)
- interact-2.4 Changelog (Interact)