vendor:
WebInspect
by:
SecurityFocus
8.8
CVSS
HIGH
Cross-Application Script Injection
79
CWE
Product Name: WebInspect
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004
WebInspect Cross-Application Script Injection Vulnerability
WebInspect is vulnerable to a cross-application script injection vulnerability due to a failure of the application to properly sanitize user-supplied data prior to including it in content rendered in an Internet Explorer COM object. This vulnerability allows attackers to execute arbitrary script code in the context of the vulnerable application. By exploiting the knowledge of predictable files on the targeted system, attackers may also cause arbitrary script code to be executed in the 'Local Machine' zone, facilitating remote machine code installation and execution.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized prior to being included in content rendered in an Internet Explorer COM object.
