SocialEngine Multiple Input Validation Vulnerabilities
BID:53680
Info
| Bugtraq ID: | 53680 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-2216 |
| Remote: | Yes |
| Local: | No |
| Published: | May 24 2012 12:00AM |
| Updated: | May 24 2012 12:00AM |
| Credit: | Tiago Natel de Moura |
| Vulnerable: | Social Engine Social Engine 4.2.2 |
| Not Vulnerable: | Social Engine Social Engine 4.2.4 |
Discussion
SocialEngine is prone to the following input validation vulnerabilities:
1. A cross-site scripting vulnerability.
2. Multiple HTML-injection vulnerabilities.
3. Multiple cross-site request-forgery vulnerabilities.
An attacker can exploit these issues to steal cookie-based authentication credentials, to perform unauthorized actions in the context of a user's session, or to disclose sensitive information.
SocialEngine 4.2.2 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues through a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for more information.
References
References:
- CVE-2012-2216 - Social Engine Multiples Vulnerabilities (XSS and CSRF) (Tiago Natel de Moura)
- SocialEngine Homepage (Webligo Developments)