SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnerabilities
BID:9801
Info
SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 9801 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-2550 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 03 2004 12:00AM |
| Updated: | Mar 03 2004 12:00AM |
| Credit: | This vulnerability was announced by pcxuser. |
| Vulnerable: |
SandSurfer SandSurfer 1.7 .0 SandSurfer SandSurfer 1.6.5 |
| Not Vulnerable: |
SandSurfer SandSurfer 1.7.1 |
Discussion
SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnerabilities
It has been reported that a number of undisclosed SandSurfer scripts are prone to cross-site scripting vulnerabilities.
This could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.
It has been reported that a number of undisclosed SandSurfer scripts are prone to cross-site scripting vulnerabilities.
This could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.
Exploit / POC
SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnerabilities
Solution:
The vendor has released an update to address this issue:
SandSurfer SandSurfer 1.6.5
SandSurfer SandSurfer 1.7 .0
Solution:
The vendor has released an update to address this issue:
SandSurfer SandSurfer 1.6.5
-
SandSurfer SandSurfer-1.7.1.tar.gz
http://prdownloads.sourceforge.net/sandsurfer/SandSurfer-1.7.1.tar.gz? download
SandSurfer SandSurfer 1.7 .0
-
SandSurfer SandSurfer-1.7.1.tar.gz
http://prdownloads.sourceforge.net/sandsurfer/SandSurfer-1.7.1.tar.gz? download
References
SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnerabilities
References:
References:
- SandSurfer 1.7.1 fixes XSS vulnerabilities! (SandSurfer)
- SandSurfer Homepage (SandSurfer)