header-logo
Suggest Exploit
vendor:
activeWeb contentserver
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: activeWeb contentserver
Affected Version From: Prior to contentserver 5.6.2964
Affected Version To: Unknown
Patch Exists: YES
Related CWE:
CPE: a:activeweb:contentserver
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-Site Scripting Vulnerabilities in activeWeb contentserver

activeWeb contentserver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to update to contentserver version 5.6.2964 or later. Additionally, input validation and output encoding should be implemented to properly sanitize user-supplied input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24895/info

activeWeb contentserver is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Reports indicate that versions prior to contentserver 5.6.2964 are vulnerable to this issue.

http://www.example.com/errors/rights.asp?awReadAccessRight=True&msg=<script>alert('XSS')</script>

Navigation

Suggest Exploit

Services By CQR