Helm Control Panel users.asp Multiple Variable XSS

2006-11-14T07:49:31
ID OSVDB:30460
Type osvdb
Reporter OSVDB
Modified 2006-11-14T07:49:31

Description

Manual Testing Notes

http://[target]/[path]/users.asp?SKey=AKU7ACC552W25EA4E8RPBYP67D7EB6RAAJPM8XKA&txtCompanyName=[XSS]&btnSubmit.x=0&btnSubmit.y=0 http://[target]/[path]/users.asp?txtEmail=[XSS]&btnSubmit.x=0&btnSubmit.y=0 http://[target]/[path]/users.asp?txtUserAccNum=[XSS]&btnSubmit.x=0&btnSubmit.y=0

References:

Security Tracker: 1017240 Secunia Advisory ID:22916 Other Advisory URL: http://aria-security.net/advisory/helm.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0263.html ISS X-Force ID: 30309 FrSIRT Advisory: ADV-2006-4557 CVE-2006-5984