Xajax Unspecified Cross-Site Scripting Vulnerability
TITLE: Xajax Unspecified Cross-Site Scripting Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: May 16 2007 12:00AM
UPDATE: May 16 2007 09:08PM
CREDIT: The vendor reported this vulnerability.
VULNERABLE:
Xajax Xajax 0.2.4NOT VULNERABLE:
Xajax Xajax 0.2.5
Vai alla pagina originale su Security Focus
Discussion
Xajax is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects versions of Xajax prior to 0.2.5.
Exploit
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Solution
Solution:
The vendor has released fixes to address this issue; please see the references for details.
Xajax Xajax 0.2.4
- Xajax Xajax 0.2.5
http://downloads.sourceforge.net/xajax/xajax_0.2.5.zip?modtime=1179306276&big_mirror=0
References
References:
- Xajax Homepage (Xajax)
- xajax PHP and Javascript library changelog (Xajax)