IDevSpot idev-BusinessDirectory 'Search' Field Cross-Site Scripting Vulnerability

Bugtraq ID:	52171
Class:	Input Validation Error
CVE:	CVE-2012-1779
Remote:	Yes
Local:	No
Published:	Feb 25 2012 12:00AM
Updated:	Mar 19 2015 07:35AM
Credit:	Red Security TEAM
Vulnerable:	IDevSpot idev-BusinessDirectory 3.0
Not Vulnerable:

IDevSpot idev-BusinessDirectory 'Search' Field Cross-Site Scripting Vulnerability

IDevSpot idev-BusinessDirectory is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

idev-BusinessDirectory 3.0 is vulnerable; other verisons may also be affected.

IDevSpot idev-BusinessDirectory 'Search' Field Cross-Site Scripting Vulnerability

Attackers must entice an unsuspecting victim into visiting a malicious URI.

IDevSpot idev-BusinessDirectory 'Search' Field Cross-Site Scripting Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

IDevSpot idev-BusinessDirectory 'Search' Field Cross-Site Scripting Vulnerability

References:

• idev-BusinessDirectory Homepage (idevspot)