vendor:
WebBatch
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting, Information Disclosure
79
CWE
Product Name: WebBatch
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
WebBatch Cross-Site Scripting and Information Disclosure Vulnerabilities
WebBatch is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The attacker may leverage the information-disclosure issue to obtain potentially sensitive information that could aid in further attacks.
Mitigation:
To mitigate the cross-site scripting vulnerability, it is recommended to properly sanitize user-supplied input before using it in dynamic web content. To mitigate the information-disclosure vulnerability, it is recommended to limit access to sensitive information and implement proper access controls.
