TechExcel CustomerWise Multiple Input Validation Vulnerabilities
BID:25624
Info
TechExcel CustomerWise Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 25624 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-4882 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 10 2007 12:00AM |
| Updated: | Apr 16 2015 06:09PM |
| Credit: | Bertrand Arquilliere is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
TechExcel CustomerWise 0 |
| Not Vulnerable: |
TechExcel CustomerWise 7.0 |
Discussion
TechExcel CustomerWise Multiple Input Validation Vulnerabilities
CustomerWise is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an HTML-injection issue, because the application fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data.
CustomerWise is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an HTML-injection issue, because the application fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data.
Exploit / POC
TechExcel CustomerWise Multiple Input Validation Vulnerabilities
To exploit the cross-site scripting issue, attackers must entice an unsuspecting victim into following a malicious URI. Attackers can exploit the HTML-injection issue via a browser.
To exploit the cross-site scripting issue, attackers must entice an unsuspecting victim into following a malicious URI. Attackers can exploit the HTML-injection issue via a browser.
Solution / Fix
TechExcel CustomerWise Multiple Input Validation Vulnerabilities
Solution:
Vendor updates are available. Contact the vendor for details.
Solution:
Vendor updates are available. Contact the vendor for details.
References
TechExcel CustomerWise Multiple Input Validation Vulnerabilities
References:
References:
- CustomerWise Homepage (TechExcel)