IDE Group Online DVD Rental System Unspecified Cross-Site Scripting Vulnerability
BID:25177
Info
| Bugtraq ID: | 25177 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4192 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 02 2007 12:00AM |
| Updated: | Apr 16 2015 06:11PM |
| Credit: | Edi Strosar is credited with the discovery of this vulnerability. |
| Vulnerable: | IDE Group Online DVD Rental System 5.1 |
| Not Vulnerable: | |
Discussion
Online DVD Rental System is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Online DVD Rental System 5.1 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
The vendor released a patch to address this issue. Please contact the vendor for information on how to obtain and apply this update.
References
References:
- Online DVD Rental System Home Page (IDE Group)