One Click Orgs Multiple Security Vulnerabilities
BID:50813
Info
| Bugtraq ID: | 50813 |
| Class: | Unknown |
| CVE: | CVE-2011-4552 CVE-2011-4553 CVE-2011-4554 CVE-2011-4555 CVE-2011-4678 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 24 2011 12:00AM |
| Updated: | Dec 07 2011 08:57PM |
| Credit: | Darren McDonald |
| Vulnerable: | One Click Orgs One Click Orgs 1.2.1 |
| Not Vulnerable: | One Click Orgs One Click Orgs 1.2.3 |
Discussion
One Click Orgs is prone to multiple HTML-injection vulnerabilities, a denial-of-service vulnerability, a URI open-email-relay vulnerability, and an open-redirection vulnerability because the application fails to sufficiently sanitize user-supplied input.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. An attacker can exploit the open-email-relay vulnerability to send unsolicited spam email to an unrestricted number of email addresses from a forged email address.
Attackers can exploit the denial-of-service issue to cause the affected device to become unresponsive, resulting in a denial-of-service condition.
Exploit / POC
An attacker can exploit these issues via a browser.
Solution / Fix
Solution:
Updates are available. Please see the references for more details.
References
References:
- One Click Orgs Homepage (One Click Orgs)
- One Click Orgs 1.4.1 Multiple Vulnerabilities (One Click Orgs)