SOS GmbH JobScheduler CVE-2014-5391 Unspecified DOM Based Cross Site Scripting Vulnerability
BID:69660
CVE-2014-5391 |Info
SOS GmbH JobScheduler CVE-2014-5391 Unspecified DOM Based Cross Site Scripting Vulnerability
| Bugtraq ID: | 69660 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-5391 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 07 2014 12:00AM |
| Updated: | Sep 07 2014 12:00AM |
| Credit: | Christian Schneider |
| Vulnerable: |
SOS GmbH JobScheduler 1.7 SOS GmbH JobScheduler 1.6 |
| Not Vulnerable: |
SOS GmbH JobScheduler 1.7.4241 SOS GmbH JobScheduler 1.6.4246 |
Discussion
SOS GmbH JobScheduler CVE-2014-5391 Unspecified DOM Based Cross Site Scripting Vulnerability
SOS GmbH JobScheduler is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The following versions are affceted:
JobScheduler 1.6 versions prior to 1.6.424.
JobScheduler 1.7 versions prior to 1.7.4241.
SOS GmbH JobScheduler is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The following versions are affceted:
JobScheduler 1.6 versions prior to 1.6.424.
JobScheduler 1.7 versions prior to 1.7.4241.