Arbor Networks Peakflow SP Unspecified Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	25910
Class:	Input Validation Error
CVE:	CVE-2007-5211
Remote:	Yes
Local:	No
Published:	Oct 03 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	The vendor disclosed these issues.
Vulnerable:	Arbornetworks Peakflow SP 3.6.1
Not Vulnerable:

Arbor Networks Peakflow SP Unspecified Multiple Cross-Site Scripting Vulnerabilities

Arbor Networks Peakflow SP is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to adequately sanitize user-supplied input.

Exploiting these issues allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials; other attacks are also possible.

These issues affect Peakflow SP 3.5.1 and 3.6.1; prior versions may also be affected.

Arbor Networks Peakflow SP Unspecified Multiple Cross-Site Scripting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.

Arbor Networks Peakflow SP Unspecified Multiple Cross-Site Scripting Vulnerabilities

Solution:
The vendor has released fixes to customers with support licenses. Please contact the vendor for details.

Arbor Networks Peakflow SP Unspecified Multiple Cross-Site Scripting Vulnerabilities

References:

• Peakflow SP Homepage (Arbor Networks)