mnoGoSearch Cross Site Scripting and Information Disclosure Vulnerabilities
BID:58242
Info
| Bugtraq ID: | 58242 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 01 2013 12:00AM |
| Updated: | Mar 01 2013 12:00AM |
| Credit: | Sergey Bobrov of Positive Research Center |
| Vulnerable: | mnoGoSearch mnoGoSearch 3.3.12 |
| Not Vulnerable: | |
Discussion
mnoGoSearch is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability.
An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
mnoGoSearch 3.3.12 is vulnerable; other versions may also be affected.
Exploit / POC
The information-disclosure vulnerability can be exploited with a web browser. To exploit the cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- mnoGoSearch Homepage (mnoGoSearch)