Almas Compiere Unspecified Cross Site Scripting Vulnerability
BID:39335
Info
| Bugtraq ID: | 39335 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 01 2010 12:00AM |
| Updated: | Apr 01 2010 12:00AM |
| Credit: | Naruhisa Tadokoro of Kobe Digital Labo Inc. |
| Vulnerable: | Almas Inc Compiere J300_A02 |
| Not Vulnerable: | |
Discussion
Almas Compiere is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Compiere J300_A02 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Compiere Home Page (Almas Inc)
- JVN#57963254 Compiere vulnerable to cross-site scripting (JVN)