Astaro Command Center Multiple HTML Injection Vulnerabilities

Bugtraq ID:	52870
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 03 2012 12:00AM
Updated:	Apr 03 2012 12:00AM
Credit:	Vulnerability-Lab Team
Vulnerable:	Astaro Command Center 2.201
Not Vulnerable:	Astaro Command Center 3.002

Astaro Command Center Multiple HTML Injection Vulnerabilities

Astaro Command Center is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

Astaro Command Center 2.x are vulnerable.

Astaro Command Center Multiple HTML Injection Vulnerabilities

Attackers can use a browser to exploit these issues.
The following example data is available:

• /data/vulnerabilities/exploits/52870.txt

Astaro Command Center Multiple HTML Injection Vulnerabilities

Solution:
Vendor updates are available. Please see the references for more information.

Astaro Command Center Multiple HTML Injection Vulnerabilities

References:

• Astaro Command Center v2.x - Multiple Web Vulnerabilities (Vulnerability-Lab)
  
• Command Center (Astaro)