Nokia Electronic Documentation Cross-Site Scripting Vulnerability

vendor:

Nokia Electronic Documentation

by:

SecurityFocus

4.3

CVSS

MEDIUM

Cross-Site Scripting

CWE

Product Name: Nokia Electronic Documentation

Affected Version From: 5

Affected Version To: 5

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Nokia Electronic Documentation Cross-Site Scripting Vulnerability

Nokia Electronic Documentation (NED) has been reported prone to a cross-site scripting vulnerability. The issue has been conjectured to present itself due to a lack of sufficient sanitization performed on user supplied data. A remote attacker may exploit this issue by enticing a target user to follow a malicious link to the affected Nokia Electronic Documentation site, which contains embedded HTML and script code. The attacker-supplied code would potentially be rendered in the user's browser when the link is followed.

Mitigation:

Input validation should be used to ensure that user supplied data is properly sanitized.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8626/info

Nokia Electronic Documentation (NED) has been reported prone to a cross-site scripting vulnerability. The issue has been conjectured to present itself due to a lack of sufficient sanitization performed on user supplied data.

A remote attacker may exploit this issue by enticing a target user to follow a malicious link to the affected Nokia Electronic Documentation site, which contains embedded HTML and script code. The attacker-supplied code would potentially be rendered in the user's browser when the link is followed.

It should be noted that although this vulnerability has been reported to affect Nokia Electronic Documentation version 5.0, previous versions might also be affected.


http://www.example.com/docs/<script>alert('@stake');</script>