Digirez Two Cross-Site Scripting Vulnerabilities

Monday, 28 May 2007

Linux_Drox has reported two vulnerabilities in Digirez, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "Room_name" parameter in /room/info_book.asp and "curYear" parameter in /room/week.asp are not properly sanitised before being returned to a user. These can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in version 3.4. Other versions may also be affected.

Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by:

Share this content:
Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.