Cybertrion Systems

[2/5] Sphider Suggestion Feature “query” Cross-Site Scripting Vulnerability

May 8th, 2008 by

Description:
Christian Holler has reported a vulnerability in Sphider, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "query" parameter in search.php when the suggestion feature is enabled is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

The vulnerability affects versions prior to 1.3.4.

Solution:
Update to version 1.3.4.
http://www.sphider.eu/download.php

Provided and/or discovered by:
Christian Holler

Original Advisory:
Christian Holler:
http://users.own-hero.net/~decoder/advisories/sphider134-xss.txt

Sphider:
http://www.sphider.eu/forum/read.php?2,4121
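For sites reviewing whether the flaw was probed before the update to 1.3.4, the following added example (not part of the advisory or of Sphider) scans web-server access logs for search.php requests whose "query" parameter contains markup after URL-decoding, including double-encoded input. The combined log format, the /sphider/ install path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Angle brackets have no place in a search term but become markup if echoed
# back unescaped. Quotes are left out: phrase searches commonly use them.
MARKUP = re.compile(r"[<>]")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded input (%253C) is normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_queries(log_lines):
    """Return (line_number, decoded_query) for search.php requests whose
    "query" parameter contains markup characters after decoding."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/search.php"):
            continue
        # parse_qsl decodes once; fully_decode peels any further layers.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name != "query":
                continue
            value = fully_decode(value)
            if MARKUP.search(value):
                hits.append((number, value))
    return hits

# Constructed sample lines (assumed combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/May/2008:10:00:01 +0000] "GET /sphider/search.php?query=solar+panels&search=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [08/May/2008:10:00:07 +0000] "GET /sphider/search.php?query=%3Cb%3Etest%3C%2Fb%3E&search=1 HTTP/1.1" 200 4310',
    '192.0.2.44 - - [08/May/2008:10:00:09 +0000] "GET /sphider/search.php?query=%253Ci%253Ex%253C%252Fi%253E HTTP/1.1" 200 4290',
    '192.0.2.71 - - [08/May/2008:10:00:15 +0000] "GET /sphider/admin/admin.php?query=%3Cb%3E HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for number, value in suspicious_queries(SAMPLE_LOG):
        print(f"line {number}: query={value!r}")
```

Only parameters carried in the request line are visible to this check; values sent in a POST body do not appear in standard access logs.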

Original post by Pankaj
