Search...

Publicist Comment Box XSS

2006-05-23T08:04:11

ID OSVDB:25765
Type osvdb
Reporter luny(luny@youfucktard.com)
Modified 2006-05-23T08:04:11

Description

Vulnerability Description

Publicist contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate inpu submitted to the applications comment box. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

References:

Vendor URL: http://publicist.kau.se/ Secunia Advisory ID:20274 Related OSVDB ID: 25762 Related OSVDB ID: 25763 Related OSVDB ID: 25766 Related OSVDB ID: 25764 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0489.html

JSON Vulners Source

Initial Source

{"edition": 1, "title": "Publicist Comment Box XSS", "bulletinFamily": "software", "published": "2006-05-23T08:04:11", "lastseen": "2017-04-28T13:20:22", "modified": "2006-05-23T08:04:11", "reporter": "luny(luny@youfucktard.com)", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:25765", "description": "## Vulnerability Description\nPublicist contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate inpu submitted to the applications comment box. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPublicist contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate inpu submitted to the applications comment box. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://publicist.kau.se/\n[Secunia Advisory ID:20274](https://secuniaresearch.flexerasoftware.com/advisories/20274/)\n[Related OSVDB ID: 25762](https://vulners.com/osvdb/OSVDB:25762)\n[Related OSVDB ID: 25763](https://vulners.com/osvdb/OSVDB:25763)\n[Related OSVDB ID: 25766](https://vulners.com/osvdb/OSVDB:25766)\n[Related OSVDB ID: 25764](https://vulners.com/osvdb/OSVDB:25764)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0489.html\n", "affectedSoftware": [{"name": "Publicist", "version": "0.95", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2017-04-28T13:20:22", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:22", "rev": 2}, "vulnersScore": -0.1}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "OSVDB:25765", "immutableFields": []}