mnoGoSearch T Parameter Cross-Site Scripting Vulnerability
BID:26114
Info
mnoGoSearch T Parameter Cross-Site Scripting Vulnerability
| Bugtraq ID: | 26114 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-5588 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 17 2007 12:00AM |
| Updated: | Nov 15 2007 12:35AM |
| Credit: | The vendor reported this vulnerability. |
| Vulnerable: |
mnoGoSearch mnoGoSearch 3.2.42 mnoGoSearch mnoGoSearch 3.2.27 mnoGoSearch mnoGoSearch 3.2.26 mnoGoSearch mnoGoSearch 3.2.25 mnoGoSearch mnoGoSearch 3.2.24 mnoGoSearch mnoGoSearch 3.2.23 mnoGoSearch mnoGoSearch 3.2.22 mnoGoSearch mnoGoSearch 3.2.21 mnoGoSearch mnoGoSearch 3.2.20 mnoGoSearch mnoGoSearch 3.2.19 mnoGoSearch mnoGoSearch 3.2.18 mnoGoSearch mnoGoSearch 3.2.17 mnoGoSearch mnoGoSearch 3.2.16 mnoGoSearch mnoGoSearch 3.2.15 mnoGoSearch mnoGoSearch 3.2.14 mnoGoSearch mnoGoSearch 3.2.13 mnoGoSearch mnoGoSearch 3.2.10 |
| Not Vulnerable: |
mnoGoSearch mnoGoSearch 3.2.43 |
Discussion
mnoGoSearch T Parameter Cross-Site Scripting Vulnerability
mnoGoSearch is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
mnoGoSearch 3.2.43 is vulnerable; prior versions may also be affected.
mnoGoSearch is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
mnoGoSearch 3.2.43 is vulnerable; prior versions may also be affected.
Exploit / POC
mnoGoSearch T Parameter Cross-Site Scripting Vulnerability
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
mnoGoSearch T Parameter Cross-Site Scripting Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
mnoGoSearch mnoGoSearch 3.2.10
mnoGoSearch mnoGoSearch 3.2.13
mnoGoSearch mnoGoSearch 3.2.14
mnoGoSearch mnoGoSearch 3.2.15
mnoGoSearch mnoGoSearch 3.2.16
mnoGoSearch mnoGoSearch 3.2.17
mnoGoSearch mnoGoSearch 3.2.18
mnoGoSearch mnoGoSearch 3.2.19
mnoGoSearch mnoGoSearch 3.2.20
mnoGoSearch mnoGoSearch 3.2.21
mnoGoSearch mnoGoSearch 3.2.22
mnoGoSearch mnoGoSearch 3.2.23
mnoGoSearch mnoGoSearch 3.2.24
mnoGoSearch mnoGoSearch 3.2.25
mnoGoSearch mnoGoSearch 3.2.26
mnoGoSearch mnoGoSearch 3.2.27
mnoGoSearch mnoGoSearch 3.2.42
Solution:
The vendor released an update to address this issue. Please see the references for more information.
mnoGoSearch mnoGoSearch 3.2.10
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.13
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.14
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.15
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.16
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.17
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.18
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.19
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.20
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.21
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.22
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.23
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.24
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.25
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.26
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.27
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
mnoGoSearch mnoGoSearch 3.2.42
-
mnoGoSearch mnogosearch-3.2.43.tar.gz
http://www.mnogosearch.org/Download/mnogosearch-3.2.43.tar.gz
References
mnoGoSearch T Parameter Cross-Site Scripting Vulnerability
References:
References:
- Changes in 3.2.43 (17 October 2007) (mnoGoSearch)
- mnoGoSearch Homepage (mnoGoSearch)