Herberlin BremsServer Cross-Site Scripting Vulnerability
BID:9491
Info
Herberlin BremsServer Cross-Site Scripting Vulnerability
| Bugtraq ID: | 9491 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-2113 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 26 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this issue has been credited to "Donato Ferrante" <[email protected]>. |
| Vulnerable: |
Herberlin BremsServer 1.2.4 |
| Not Vulnerable: | |
Discussion
Herberlin BremsServer Cross-Site Scripting Vulnerability
BremsServer has been reported to contain cross-site scripting vulnerabilities. This issue is due to the server failing to check or filter user strings that are sent to the server. An attacker may exploit these issues by creating a link that includes embedded malicious HTML and script code and enticing a user to follow it.
BremsServer has been reported to contain cross-site scripting vulnerabilities. This issue is due to the server failing to check or filter user strings that are sent to the server. An attacker may exploit these issues by creating a link that includes embedded malicious HTML and script code and enticing a user to follow it.
Exploit / POC
Herberlin BremsServer Cross-Site Scripting Vulnerability
The following proof of concept has been supplied:
http://www.example.com/<script>alert("Test")</script>
The following proof of concept has been supplied:
http://www.example.com/<script>alert("Test")</script>
Solution / Fix
Herberlin BremsServer Cross-Site Scripting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Herberlin BremsServer Cross-Site Scripting Vulnerability
References:
References:
- BremsServer Home Page (Herberlin)
- Directory traversal and XSS in BremsServer 1.2.4 ("Donato Ferrante"
)