trixbox 'langChoice' Arbitrary Script Injection Vulnerability

Bugtraq ID:	30135
Class:	Input Validation Error
CVE:	CVE-2008-6825
Remote:	Yes
Local:	No
Published:	Jul 08 2008 12:00AM
Updated:	May 07 2015 05:27PM
Credit:	Jean-Michel BESNARD
Vulnerable:	trixbox trixbox CE 2.6.1 0
Not Vulnerable:

trixbox 'langChoice' Arbitrary Script Injection Vulnerability

'trixbox' is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary script code in the context of the webserver. Successful exploits can compromise the application.

This issue affects trixbox CE 2.6.1; other versions may also be affected.

trixbox 'langChoice' Arbitrary Script Injection Vulnerability

Attackers can exploit this issue via a browser.

The following exploit code is available:

• /data/vulnerabilities/exploits/30135.pl
• /data/vulnerabilities/exploits/30135.py
• /data/vulnerabilities/exploits/30135.rb

trixbox 'langChoice' Arbitrary Script Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

trixbox 'langChoice' Arbitrary Script Injection Vulnerability

References:

• trixbox Homepage (trixbox)