LxCenter Kloxo Multiple HTML Injection Vulnerabilities

Bugtraq ID:	51964
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 10 2012 12:00AM
Updated:	Feb 10 2012 12:00AM
Credit:	Unknown
Vulnerable:	LxCenter Kloxos 6.1.10
Not Vulnerable:

LxCenter Kloxo Multiple HTML Injection Vulnerabilities

LxCenter Kloxo is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Kloxo 6.1.0 is vulnerable; other versions may be affected.

LxCenter Kloxo Multiple HTML Injection Vulnerabilities

An attacker can exploit these issues through a browser.

The following proof of concept is available:

• /data/vulnerabilities/exploits/51964.txt

LxCenter Kloxo Multiple HTML Injection Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

LxCenter Kloxo Multiple HTML Injection Vulnerabilities

References:

• Kloxo Homepage (LxCenter)
  
• Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities ([email protected])
  
• Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities (Unknown)