TGS Content Management HTML-Injection and Multiple Cross-Site Scripting Vulnerabilities
BID:30157
Info
| Bugtraq ID: | 30157 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-6839 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 09 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Julián Rodríguez |
| Vulnerable: | TGS Content Management 0.3.2r2 |
| Not Vulnerable: | TGS Content Management 0.4 |
Discussion
TGS Content Management is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible.
TGS Content Management 0.3.2r2 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit these issues via a browser. To exploit a cross-site scripting issue, an attacker must entice an unsuspecting user to follow a malicious URI.
The following example URIs are available:
Solution / Fix
Solution:
The vendor has released an update. Please see the references for details.
References
References:
- TGS Content Management 0.4.0 (2009/03/31) (TGS Content Management)
- Vendor Homepage (TGS Content Management)