Pure Software Lore Multiple Cross Site Scripting Vulnerabilities

Bugtraq ID:	30367
Class:	Input Validation Error
CVE:	CVE-2008-3353
Remote:	Yes
Local:	No
Published:	Jul 23 2008 12:00AM
Updated:	May 07 2015 05:25PM
Credit:	Pure Software
Vulnerable:	Pure Software Lore 1.6.3 Pure Software Lore 1.6.2 Pure Software Lore 1.6.1 Pure Software Lore 1.6
Not Vulnerable:	Pure Software Lore 1.7

Pure Software Lore Multiple Cross Site Scripting Vulnerabilities

Pure Software Lore is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

These issues affect versions prior to Lore 1.7.0.

Pure Software Lore Multiple Cross Site Scripting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.

Pure Software Lore Multiple Cross Site Scripting Vulnerabilities

Solution:
The vendor has released an update. Please see the references for details.

Pure Software Lore Multiple Cross Site Scripting Vulnerabilities

References:

• Pure Software Change Log (Pure Software)
  
• Pure Software Homepage (Pure Software)