ADPLAN SEO Unspecified Cross Site Scripting Vulnerability
TITLE: ADPLAN SEO Unspecified Cross Site Scripting Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 07 2007 12:00AM
UPDATE: Jun 07 2007 12:00AM
CREDIT: Mitsui is credited with the discovery of this vulnerability.
VULNERABLE:
ADPLAN SEO 3.0NOT VULNERABLE:
ADPLAN SEO 4.0
Vai alla pagina originale su Security Focus
Discussion
ADPLAN SEO is prone to an unspecified cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data.
Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks.
ADPLAN SEO 3 is vulnerable to this issue; other versions may also be affected.
Exploit
Attackers can use a browser to exploit this issue.
Solution
Solution:
The vendor has released an updated version that addresses this vulnerability. Please see the references for more information.
References
References:
- JVN#23891849 (JVN)
- Vendor Homepage (ADPLAN)