| Secunia Advisory: | SA29888 |
| Release Date: | 2008-04-22 |
| Critical: | Less critical |
| Impact: | Cross Site Scripting |
| Where: | From remote |
| Solution Status: | Unpatched |
| Software: | ContRay 3.x |

Description: Russ McRee has reported a vulnerability in ContRay, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "search" parameter in cgi-bin/contray/search.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Solution: Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by: Russ McRee
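
The solution above leaves the fix to whoever maintains the site. As an added example (not ContRay's source code, which this advisory does not show), the following hypothetical Python handler reflects a "search" value first unencoded and then encoded for each output context. The function names, page markup, 200-character limit and response headers are assumptions.

```python
import html
from urllib.parse import parse_qs, quote

# Constructed sample query string: decodes to "><b>x</b> (benign markup).
SAMPLE_QS = "search=%22%3E%3Cb%3Ex%3C%2Fb%3E"


def get_term(query_string):
    """Extract the "search" parameter, bounded in length (limit is an assumption)."""
    return parse_qs(query_string).get("search", [""])[0][:200]


def render_vulnerable(query_string):
    """Hypothetical 'before': the value is returned to the browser unencoded."""
    return f"<p>Results for {get_term(query_string)}</p>"


def render_hardened(query_string):
    """Encode the value separately for each context it is written into."""
    term = get_term(query_string)
    as_html = html.escape(term, quote=True)  # element text and quoted attributes
    as_url = quote(term, safe="")            # query-string component
    return (
        f"<p>Results for {as_html}</p>\n"
        f'<input name="search" value="{as_html}">\n'
        f'<a href="search.cgi?search={as_url}&amp;page=2">Next</a>'
    )


def response_headers():
    """Defence in depth: fixed charset, no MIME sniffing, no inline script."""
    return [
        ("Content-Type", "text/html; charset=utf-8"),
        ("X-Content-Type-Options", "nosniff"),
        ("Content-Security-Policy", "default-src 'self'"),
    ]


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_QS))
    print(render_hardened(SAMPLE_QS))
```

Encoding at output time, per context, is what closes the hole; the length bound and headers only limit the damage if an encoding call is missed elsewhere.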