Freeside cust_bill_event.cgi Cross-Site Scripting Vulnerability
Info
| Bugtraq ID: | 25811 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-5088 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 26 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | r0t is credited with the discovery of this vulnerability. |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Freeside is prone to a cross-site scripting vulnerability.
Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow attackers to steal cookie-based authentication credentials and launch other attacks.
This issue affects Freeside v1.7.2; other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Solution:
The vendor has addressed this issue in the source code in their CVS repository. Contact the vendor for details on obtaining and applying the appropriate updates.
References
References:
- Freeside Homepage (Freeside Internet Services Inc)
- Freeside XSS vuln. (r0t)