Oxwall Multiple Cross Site Scripting and HTML Injection Vulnerabilities
BID:52090
Info
| Bugtraq ID: | 52090 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-0872 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 20 2012 12:00AM |
| Updated: | Feb 20 2012 12:00AM |
| Credit: | Aung Khant of YGN Ethical Hacker Group. |
| Vulnerable: | Oxwall Software Oxwall 1.1.1 |
| Not Vulnerable: | |
Discussion
Oxwall is prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Oxwall 1.1.1 and prior versions are vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Reportedly these issues are fixed in the latest version. Please contact the vendor for more information.
References
References:
- OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities (Aung Khant)
- Oxwall Homepage (Oxwall)
- OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities (YGN Ethical Hacker Group)