Mayaa UTF-7 Character Encoding Cross-Site Scripting Vulnerability

Bugtraq ID:	25443
Class:	Input Validation Error
CVE:	CVE-2007-4595
Remote:	Yes
Local:	No
Published:	Aug 27 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Fukumori is credited with the discovery of this vulnerability.
Vulnerable:	Mayaa Mayaa 1.1.11
Not Vulnerable:	Mayaa Mayaa 1.1.12

Mayaa UTF-7 Character Encoding Cross-Site Scripting Vulnerability

Mayaa is prone a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected application. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to Mayaa 1.1.12 are prone to this issue.

Mayaa UTF-7 Character Encoding Cross-Site Scripting Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to follow a malicious URI.

Mayaa UTF-7 Character Encoding Cross-Site Scripting Vulnerability

Solution:
The vendor has released an updated version of the software that addresses this issue. Please see the vendor references for more information.

Mayaa UTF-7 Character Encoding Cross-Site Scripting Vulnerability

References:

• Mayaa Homepage (Mayaa)
  
• JVN#38199598 Mayaa (JVN)