BRS WebWeaver 1.0.7 ISAPISkeleton.dll Cross-Site Scripting Vulnerability

2004-01-28T00:00:00
ID EDB-ID:23612
Type exploitdb
Reporter Oliver Karow
Modified 2004-01-28T00:00:00

Description

BRS WebWeaver 1.0.7 ISAPISkeleton.dll Cross-Site Scripting Vulnerability. CVE-2004-2128. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/9516/info

BRS WebWeaver has been reported prone to a cross-site scripting vulnerability. An attacker may create a malicious link to the vulnerable server that includes embedded HTML and script code. If this link is followed by a victim user, hostile code embedded in the link may be rendered in the user's browser in the context of the server.

Successful exploitation could permit theft of cookie-based authentication credentials or other attacks.

This issue was reported in BRS WebWeaver 1.07. Earlier versions may also be affected. 

http://www.example.com/scripts/ISAPISkeleton.dll?<script>alert("Ooops!")</script>