[2/5] Maian Recipe Cross-Site Scripting Vulnerabilities

May 9th, 2008 by

[2/5] Maian Recipe Cross-Site Scripting Vulnerabilities

:Khashayar Fereidani has reported some vulnerabilities in Maian Recipe, which can be exploited by malicious people to conduct cross-site scripting attacks.Input passed to the "header", "header2", "header3", "header4", "header5", "header6", "header7", "header8", and "header9" parameters in admin/inc/header.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.Successful exploitation requires that "register_globals" is enabled.The vulnerabilities are reported in version 1.2. Other versions may also be affected.Solution:Edit the source code to ensure that input is properly sanitised.Provided and/or discovered by:Khashayar Fereidani a.k.a. Dr.CrashOriginal Advisory:http://archives.neohapsis.com/archives/bugtraq/2008-05/0046.html

Original post by amit

[2/5] Maian Recipe Cross-Site Scripting Vulnerabilities

Related Articles:

[2/5] Maian Guestbook footer.php Cross-Site Scripting Vulnerabilities

[2/5] Maian Weblog Multiple Cross-Site Scripting Vulnerabilities

[2/5] Maian Uploader Multiple Cross-Site Scripting Vulnerabilities

[2/5] Maian Links Multiple Cross-Site Scripting Vulnerabilities

[2/5] Maian Support Multiple Cross-Site Scripting Vulnerabilities

Posted in Advisories - Exploits | | [2/5] Maian Recipe Cross-Site Scripting Vulnerabilities

<< [3/5] Zarafa Script Insertion Vulnerabilities | [2/5] Maian Guestbook footer.php Cross-Site Scripting Vulnerabilities >>

Cybertrion Systems

[2/5] Maian Recipe Cross-Site Scripting Vulnerabilities

Categories

Archives:

Search:

Meta: