AppFuse Messages.JSP Cross-Site Scripting Vulnerability
BID:25927
Info
| Bugtraq ID: | 25927 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-5280 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 03 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | The vendor disclosed this vulnerability. |
| Vulnerable: | AppFuse AppFuse 2.0-RC1 |
| Not Vulnerable: | AppFuse AppFuse 2.0 |
Discussion
AppFuse is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects AppFuse 2.0-RC1; other versions may also be vulnerable.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Solution:
The vendor has released AppFuse 2.0 to address this issue; please see the references for details.
References
References:
- AppFuse messages.jsp - cross site scripting (AppFuse)
- AppFuse QuickStart Guide (AppFuse)