vendor:
StoryServer
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: StoryServer
Affected Version From: Vignette StoryServer version 4
Affected Version To: Vignette StoryServer version 6
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Vignette software Cross-Site Scripting Vulnerabilities
Vignette software has been reported prone to multiple cross-site scripting vulnerabilities. Reportedly the issue presents itself, because the Vignette software does not sufficiently sanitize HTML characters from user-supplied data. It may be possible for an attacker to supply and execute HTML and script code on a web client in the context of the site hosting the Vignette software. This may allow for theft of cookie-based authentication credentials and other attacks.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized. Additionally, applications should be configured to use secure authentication mechanisms such as SSL.