Digirez Two Cross-Site Scripting Vulnerabilities
Monday, 28 May 2007
Linux_Drox has reported two vulnerabilities in Digirez, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "Room_name" parameter in /room/info_book.asp and "curYear" parameter in /room/week.asp are not properly sanitised before being returned to a user. These can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in version 3.4. Other versions may also be affected.
Filter malicious characters and character sequences in a web proxy.
Provided and/or discovered by:
Share this content: