[2/5] NetCommons Unspecified Cross-Site Scripting Vulnerability

November 5th, 2007 by

[2/5] NetCommons Unspecified Cross-Site Scripting Vulnerability

:A vulnerability has been reported in NetCommons, which can be exploited by malicious people to conduct cross-site scripting attacks.Input passed to unspecified parameters is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of the affected site.The vulnerability is reported in 1.0.X prior to version 1.0.11 and 1.1.X prior to version 1.1.2Solution:Update to version 1.0.11 or 1.1.2.Provided and/or discovered by:EKYUASUKAI Technology Co., Ltd. Hiroshi HukumoriOriginal Advisory:NetCommons:http://www.netcommons.org/modules/jou…1&news_id=316&op=comment#2121JVN:http://jvn.jp/jp/JVN%2379295963/index.html

Original post by Pankaj

[2/5] NetCommons Unspecified Cross-Site Scripting Vulnerability

Related Articles:

[2/5] ClanSphere Unspecified Cross-Site Scripting Vulnerabilities

[2/5] Nessus Unspecified Cross-Site Scripting Vulnerability

[2/5] Nagios Unspecified Cross-Site Scripting Vulnerability

[2/5] Rainboard Unspecified Cross-Site Scripting

[2/5] Stephen Ostermiller Contact Form Unspecified Cross-Site Scripting

Posted in Advisories - Exploits | | [2/5] NetCommons Unspecified Cross-Site Scripting Vulnerability

<< [3/5] E-Vendejo “id” SQL Injection Vulnerability | [3/5] GNU Emacs Local Variable Processing Vulnerability >>

Cybertrion Systems

[2/5] NetCommons Unspecified Cross-Site Scripting Vulnerability

Categories

Archives:

Search:

Meta: