BRS WebWeaver 1.0.7 ISAPISkeleton.dll Cross-Site Scripting Vulnerability

ID EDB-ID:23612
Type exploitdb
Reporter Oliver Karow
Modified 2004-01-28T00:00:00


BRS WebWeaver 1.0.7 ISAPISkeleton.dll Cross-Site Scripting Vulnerability. CVE-2004-2128. Remote exploit for windows platform


BRS WebWeaver has been reported prone to a cross-site scripting vulnerability. An attacker may create a malicious link to the vulnerable server that includes embedded HTML and script code. If this link is followed by a victim user, hostile code embedded in the link may be rendered in the user's browser in the context of the server.

Successful exploitation could permit theft of cookie-based authentication credentials or other attacks.

This issue was reported in BRS WebWeaver 1.07. Earlier versions may also be affected.<script>alert("Ooops!")</script>