epesi BIM Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	51149
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 21 2011 12:00AM
Updated:	Dec 21 2011 12:00AM
Credit:	High-Tech Bridge SA Security Research Lab
Vulnerable:	Telaxus LLC epesi BIM 1.2 rev 8154
Not Vulnerable:	Telaxus LLC epesi BIM 1.2.2 rev 8605

epesi BIM Multiple Cross-Site Scripting Vulnerabilities

epesi BIM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

epesi BIM 1.2.0 rev 8154 is vulnerable; prior versions may also be affected.

epesi BIM Multiple Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.

The example URLs are available:

• /data/vulnerabilities/exploits/51149.txt

epesi BIM Multiple Cross-Site Scripting Vulnerabilities

Solution:
Updates are available; please see the references for more information.

epesi BIM Multiple Cross-Site Scripting Vulnerabilities

References:

• epesi BIM Homepage (Telaxus LLC)
  
• epesi BIM Multiple Cross-Site Scripting Vulnerabilities (High-Tech Bridge SA Security Research Lab)