iBoutique Error Page Cross-Site Scripting Vulnerability

Bugtraq ID:	39131
Class:	Input Validation Error
CVE:	CVE-2010-0804
Remote:	Yes
Local:	No
Published:	Jan 22 2010 12:00AM
Updated:	Mar 19 2015 08:41AM
Credit:	Andrea Bocchetti
Vulnerable:	NetArt Media iBoutique 4.0
Not Vulnerable:

iBoutique Error Page Cross-Site Scripting Vulnerability

iBoutique is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

iBoutique 4.0 is vulnerable; other versions may also be affected.

iBoutique Error Page Cross-Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

iBoutique Error Page Cross-Site Scripting Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel
we are in error or if you are aware of more recent information, please
mail us at: [email protected].

iBoutique Error Page Cross-Site Scripting Vulnerability

References:

• iBoutique Cross-Site Scripting Vulnerability (NetArt Media )