aeNovo Multiple Unspecified Scripts XSS

2005-10-07T11:22:24
ID OSVDB:19938
Type osvdb
Reporter DevilBox(devil_box@kapda.ir), Farhad Koosha(farhadkey@kapda.ir)
Modified 2005-10-07T11:22:24

Description

Vulnerability Description

aeNovo contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to multiple unspecified scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. No further details have been provided.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

aeNovo contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to multiple unspecified scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. No further details have been provided.

References:

Vendor URL: http://www.aenovo.co.uk/ Secunia Advisory ID:17117 Related OSVDB ID: 19936 Related OSVDB ID: 19937 Related OSVDB ID: 19939 Other Advisory URL: http://www.kapda.ir/advisory-78.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0080.html Keyword: KAPDA::#3 ISS X-Force ID: 22553 Bugtraq ID: 15038