{"edition": 1, "title": "Caucho Resin session.jsp XSS ", "bulletinFamily": "software", "published": "2003-10-20T00:00:00", "lastseen": "2017-04-28T13:19:57", "history": [], "modified": "2003-10-20T00:00:00", "reporter": "Donnie Werner(wood@e2-labs.com)", "hash": "36e3beec757b2f58fee00eac3b354f9b24a140b28bcf4e4456d54bd8daccbae8", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:3390", "description": "## Vulnerability Description\nResin sample scripts contain a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user input upon submission to the session.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 3.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): remove the session.jsp script if it is not needed\n## Short Description\nResin sample scripts contain a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user input upon submission to the session.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.caucho.com/resin/index.xtp\nSnort Signature ID: 1497\n[Secunia Advisory ID:10031](https://secuniaresearch.flexerasoftware.com/advisories/10031/)\n[Related OSVDB ID: 3393](https://vulners.com/osvdb/OSVDB:3393)\n[Related OSVDB ID: 3394](https://vulners.com/osvdb/OSVDB:3394)\n[Related OSVDB ID: 4983](https://vulners.com/osvdb/OSVDB:4983)\n[Related OSVDB ID: 3388](https://vulners.com/osvdb/OSVDB:3388)\n[Nessus Plugin ID:10815](https://vulners.com/search?query=pluginID:10815)\nKeyword: EXPL-A-2003-026 exploitlabs.com Advisory 026\nISS X-Force ID: 13460\nGeneric Informational URL: http://lists.netsys.com/pipermail/full-disclosure/2003-October/012361.html\nBugtraq ID: 8852\n", "affectedSoftware": [{"name": "Resin", "version": "2.0 b2", "operator": "eq"}, {"name": "Resin", "version": "2.1.1", "operator": "eq"}, {"name": "Resin", "version": "2.1.2", "operator": "eq"}, {"name": "Resin", "version": "2.1.s020711", "operator": "eq"}, {"name": "Resin", "version": "2.0", "operator": "eq"}], "type": "osvdb", "hashmap": [{"key": "affectedSoftware", "hash": "cdf1b674157eaacdb1a3edf01a2a5959"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "08534b368e4a6d505130c171dda89ab4"}, {"key": "href", "hash": "a55bdf4f1a87ed1196ab8bb633a6aa02"}, {"key": "modified", "hash": "0da6b4a91c4ec9fc50f23e67197f5caf"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "0da6b4a91c4ec9fc50f23e67197f5caf"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "6477b32c566fa412a53901c5c92fb618"}, {"key": "title", "hash": "cddd8774b89492f52bd18cf50d3f0542"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "references": [], "objectVersion": "1.2", "enchantments": {"vulnersScore": 4.3}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "OSVDB:3390"}

{"result": {}}