DeskPRO Admin Panel Multiple HTML Injection Vulnerabilities
BID:25325
| Bugtraq ID: | 25325 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4412 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 14 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | DoZ is credited with the discovery of these vulnerabilities. |
| Vulnerable: | DeskPro DeskPro 3.1 |
| Not Vulnerable: | |
Discussion
DeskPRO is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
To exploit these issues, an attacker must have administrative privileges.
Exploiting these issues may allow the attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
DeskPRO 3.0.2 is reported vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit these issues via a browser.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Deskpro Homepage (Deskpro)
- DeskPRO Admin Panel Multiple HTML Injections (DoZ)