NOAH Unspecified Cross-Site Scripting Vulnerability

Bugtraq ID:	30747
Class:	Input Validation Error
CVE:	CVE-2008-3730
Remote:	Yes
Local:	No
Published:	Aug 12 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Nordicwind
Vulnerable:	Nordicwind NOAH 3.2.1
Not Vulnerable:	Nordicwind NOAH 3.2.2

NOAH Unspecified Cross-Site Scripting Vulnerability

NOAH (The Nordicwind Document Management System) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to NOAH 3.2.2 are affected.

NOAH Unspecified Cross-Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

NOAH Unspecified Cross-Site Scripting Vulnerability

Solution:
The vendor has released updates. Please see the references for more information.


Nordicwind NOAH 3.2.1

• Nordicwind Nordicwind Document Management System
  http://www.nordicwind.ca/cgi-bin/noah/downloadpage.cgi

NOAH Unspecified Cross-Site Scripting Vulnerability

References:

• NOAH Security Vulnerability : Cross-Site Scripting (Nordicwind )
  
• NOAH Homepage (Nordicwind )