InterWorx-CP SiteWorx and NodeWorx Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	25451
Class:	Input Validation Error
CVE:	CVE-2007-4588
Remote:	Yes
Local:	No
Published:	Aug 27 2007 12:00AM
Updated:	Apr 16 2015 06:09PM
Credit:	Doz is credited with the discovery of these vulnerabilities.
Vulnerable:	InterWorx InterWorx-CP 3.0.2
Not Vulnerable:	InterWorx InterWorx-CP 3.0.3

InterWorx-CP SiteWorx and NodeWorx Multiple Cross-Site Scripting Vulnerabilities

InterWorx-CP is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect InterWorx-CP 3.0.2; other versions may also be vulnerable.

InterWorx-CP SiteWorx and NodeWorx Multiple Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

InterWorx-CP SiteWorx and NodeWorx Multiple Cross-Site Scripting Vulnerabilities

Solution:
The vendor has released InterWorx-CP 3.0.3 to address this issue. Please contact the vendor for details on obtaining and applying the appropriate updates.

InterWorx-CP SiteWorx and NodeWorx Multiple Cross-Site Scripting Vulnerabilities

References:

• InterWorx Homepage (InterWorx)
  
• InterWorx-CP Version 3.0.3 Released (InterWorx)
  
• InterWorx-CP Multiple HTML Injections Vulnerabilitie ([email protected])
  
• Re: InterWorx-CP Multiple HTML Injections Vulnerabilities (InterWorx)