header-logo
Suggest Exploit
vendor:
WebWeaver
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: WebWeaver
Affected Version From: 01.07
Affected Version To: 01.07
Patch Exists: YES
Related CWE: N/A
CPE: brs-webweaver
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

BRS WebWeaver Cross-Site Scripting Vulnerability

BRS WebWeaver has been reported prone to a cross-site scripting vulnerability. An attacker may create a malicious link to the vulnerable server that includes embedded HTML and script code. If this link is followed by a victim user, hostile code embedded in the link may be rendered in the user's browser in the context of the server. Successful exploitation could permit theft of cookie-based authentication credentials or other attacks.

Mitigation:

Input validation should be used to prevent hostile code from being embedded in links.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9516/info

BRS WebWeaver has been reported prone to a cross-site scripting vulnerability. An attacker may create a malicious link to the vulnerable server that includes embedded HTML and script code. If this link is followed by a victim user, hostile code embedded in the link may be rendered in the user's browser in the context of the server.

Successful exploitation could permit theft of cookie-based authentication credentials or other attacks.

This issue was reported in BRS WebWeaver 1.07. Earlier versions may also be affected. 

http://www.example.com/scripts/ISAPISkeleton.dll?<script>alert("Ooops!")</script>

Navigation

Suggest Exploit

Services By CQR