WebsiteBaker HTTP 'Referer' Header Cross Site Scripting Vulnerabilities

Bugtraq ID:	52087
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 20 2012 12:00AM
Updated:	Feb 20 2012 12:00AM
Credit:	Stefan Schurtz
Vulnerable:	WebsiteBaker WebsiteBaker 2.8.2 SP2
Not Vulnerable:	WebsiteBaker WebsiteBaker 2.8.3

WebsiteBaker HTTP 'Referer' Header Cross Site Scripting Vulnerabilities

WebsiteBaker is prone to cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

WebsiteBaker 2.8.2 SP2 is vulnerable; other versions may be affected.

WebsiteBaker HTTP 'Referer' Header Cross Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

WebsiteBaker HTTP 'Referer' Header Cross Site Scripting Vulnerabilities

Solution:
Updates are available. Please contact the vendor for more information.

WebsiteBaker HTTP 'Referer' Header Cross Site Scripting Vulnerabilities

References:

• Website Baker Homepage (Website Baker Project)
  
• WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability (Stefan Schurtz)
  
• WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability (Stefan Schurtz)