myCare2x Multiple Input Validation Vulnerabilities

Bugtraq ID:	53392
Class:	Input Validation Error
CVE:	CVE-2012-4260 CVE-2012-4262 CVE-2012-4261
Remote:	Yes
Local:	No
Published:	May 02 2012 12:00AM
Updated:	Aug 17 2012 12:50PM
Credit:	Ibrahim El-Sayed, Benjamin Kunz
Vulnerable:	healthcare Consulting GmbH myCare2x 0
Not Vulnerable:

myCare2x Multiple Input Validation Vulnerabilities

myCare2x is prone to multiple input validation vulnerabilities because it fails to properly sanitize user-supplied input.

Successful exploits of these issues allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

myCare2x Multiple Input Validation Vulnerabilities

Attackers can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.

• /data/vulnerabilities/exploits/53392.txt

myCare2x Multiple Input Validation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

myCare2x Multiple Input Validation Vulnerabilities

References:

• myCare2x homepage (healthcare Consulting GmbH)
  
• myCare2x vulnerability lab Reference (healthcare Consulting GmbH)