AzDGDatingMedium Multiple Cross Site Scripting Vulnerabilities

Bugtraq ID:	40000
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 07 2010 12:00AM
Updated:	May 07 2010 12:00AM
Credit:	Mohammed Boumediane, Vupen
Vulnerable:	Azerbaijan Development Group AzDGDatingMedium 0
Not Vulnerable:	Azerbaijan Development Group AzDGDatingMedium 1.9.5

AzDGDatingMedium Multiple Cross Site Scripting Vulnerabilities

AzDGDatingMedium is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to AzDGDatingMedium 1.9.5 are vulnerable.

AzDGDatingMedium Multiple Cross Site Scripting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim to follow a malicious URI.

AzDGDatingMedium Multiple Cross Site Scripting Vulnerabilities

Solution:
Vendor updates are available. Please see the references for more information.

AzDGDatingMedium Multiple Cross Site Scripting Vulnerabilities

References:

• AzDGDatingMedium Homepage (AzDG)
  
• AzDGDatingMedium Multiple Vulnerabilities (AzDG)