Absolute Poll Manager XE xlaapmview.asp Cross Site Scripting Vulnerability

Bugtraq ID:	25492
Class:	Input Validation Error
CVE:	CVE-2007-4630
Remote:	Yes
Local:	No
Published:	Aug 30 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Richard Brain and Adrian Pastor of ProCheckUp Ltd are credited with discovering this vulnerability.
Vulnerable:	XIGLA SOFTWARE Absolute Poll Manager XE 4.1
Not Vulnerable:

Absolute Poll Manager XE xlaapmview.asp Cross Site Scripting Vulnerability

Absolute Poll Manager XE is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

This issue affects Absolute Poll Manager XE 4.1; other versions may also be vulnerable.

Absolute Poll Manager XE xlaapmview.asp Cross Site Scripting Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.

The following proof-of-concept URIs are available:

• /data/vulnerabilities/exploits/25492.html

Absolute Poll Manager XE xlaapmview.asp Cross Site Scripting Vulnerability

Solution:
Currently we are not aware of any vendor fixes for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Absolute Poll Manager XE xlaapmview.asp Cross Site Scripting Vulnerability

References:

• Absolute Poll Manager XE Homepage (XIGLA)
  
• PR07-23: Non-persistent Cross-site Scripting (XSS) on Absolute Poll Manager XE a (ProCheckup)