Web application abuses : Sun Solaris AnswerBook2 <= 1.4.4 Multiple XSS Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100388

Categoría: Web application abuses

Título: Sun Solaris AnswerBook2 <= 1.4.4 Multiple XSS Vulnerabilities - Active Check

Resumen: Sun Solaris AnswerBook2 is prone to multiple cross-site; scripting (XSS) vulnerabilities. These issues arise due to insufficient sanitization of; user-supplied data facilitating execution of arbitrary HTML and script code in a user's; browser.

Descripción: Summary:
Sun Solaris AnswerBook2 is prone to multiple cross-site
scripting (XSS) vulnerabilities. These issues arise due to insufficient sanitization of
user-supplied data facilitating execution of arbitrary HTML and script code in a user's
browser.

Vulnerability Insight:
The following specific issues were identified:

- It is reported that the Search function of the application is affected by a cross-site
scripting vulnerability.

- The AnswerBook2 admin interface is prone to cross-site scripting attacks as well.

Vulnerability Impact:
These issues can lead to theft of cookie based credentials and
other attacks.

Affected Software/OS:
AnswerBook2 version 1.4.4 and prior.

Solution:
Sun has released an advisory to address these issues. The
vendor recommends disabling the application and referring to Sun documentation at the Sun Product
Documentation Web site.

Please see the referenced advisory for more information.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0548
Bugtraq: 20050328 Multiple XSS issues in Sun AnswerBook2 (Google Search)
http://marc.info/?l=bugtraq&m=111205163531628&w=2
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000230.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57737-1
Common Vulnerability Exposure (CVE) ID: CVE-2005-0549

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100388
Categoría:	Web application abuses
Título:	Sun Solaris AnswerBook2 <= 1.4.4 Multiple XSS Vulnerabilities - Active Check
Resumen:	Sun Solaris AnswerBook2 is prone to multiple cross-site; scripting (XSS) vulnerabilities. These issues arise due to insufficient sanitization of; user-supplied data facilitating execution of arbitrary HTML and script code in a user's; browser.
Descripción:	Summary: Sun Solaris AnswerBook2 is prone to multiple cross-site scripting (XSS) vulnerabilities. These issues arise due to insufficient sanitization of user-supplied data facilitating execution of arbitrary HTML and script code in a user's browser. Vulnerability Insight: The following specific issues were identified: - It is reported that the Search function of the application is affected by a cross-site scripting vulnerability. - The AnswerBook2 admin interface is prone to cross-site scripting attacks as well. Vulnerability Impact: These issues can lead to theft of cookie based credentials and other attacks. Affected Software/OS: AnswerBook2 version 1.4.4 and prior. Solution: Sun has released an advisory to address these issues. The vendor recommends disabling the application and referring to Sun documentation at the Sun Product Documentation Web site. Please see the referenced advisory for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0548 Bugtraq: 20050328 Multiple XSS issues in Sun AnswerBook2 (Google Search) http://marc.info/?l=bugtraq&m=111205163531628&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000230.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57737-1 Common Vulnerability Exposure (CVE) ID: CVE-2005-0549
Copyright	Copyright (C) 2009 Greenbone AG