[2/5] Tripwire Enterprise Login Page Cross-Site Scripting Vulnerability

January 31st, 2008 by

[2/5] Tripwire Enterprise Login Page Cross-Site Scripting Vulnerability

:Dave Lewis has reported a vulnerability in Tripwire Enterprise, which can be exploited by malicious people to conduct cross-site scripting attacks.Input passed via unspecified parameters to the web management login page is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.The vulnerability is reported in version 7.0. Prior versions may also be affected.Solution:Update to version 7.0.1 or apply patch (contact the vendor for more information).Provided and/or discovered by:Dave LewisOriginal Advisory:http://www.liquidmatrix.org/blog/2008…ripwire-enterprise-xss-vulnerability/

Original post by pooja

[2/5] Tripwire Enterprise Login Page Cross-Site Scripting Vulnerability

Related Articles:

[2/5] Sophos Email Appliance Login Page “error/go” Cross-Site Scripting

[2/5] Magnolia Enterprise Edition Sitedesigner “query” Cross-Site Scripting

[2/5] Adobe LiveCycle Workflow Web Management Login Cross-Site Scripting Vulnerability

[2/5] Websense “username” Cross-Site Scripting Vulnerability

[2/5] HyperVM “frm_emessage” Cross-Site Scripting Vulnerability

Posted in Advisories - Exploits | | [2/5] Tripwire Enterprise Login Page Cross-Site Scripting Vulnerability

<< [2/5] Xdg-utils Command Injection Vulnerabilities | [3/5] Gentoo update for libxml2 >>

Cybertrion Systems

[2/5] Tripwire Enterprise Login Page Cross-Site Scripting Vulnerability

Categories

Archives:

Search:

Meta: