BRS WebWeaver ISAPISkeleton.dll XSS

2004-01-29T03:18:45
ID OSVDB:3741
Type osvdb
Reporter OSVDB
Modified 2004-01-29T03:18:45

Description

Vulnerability Description

BRS WebWeaver contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application "ISAPISkeleton.dll" returns input unfiltered. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Use a proxy or firewall with URL filtering capabilities to filter malicious requests.

Short Description

BRS WebWeaver contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application "ISAPISkeleton.dll" returns input unfiltered. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Secunia Advisory ID:10741 Related OSVDB ID: 2604 CVE-2004-2128 Bugtraq ID: 9516