ID OSVDB:5809 Type osvdb Reporter Gregory Le Bras(gregory.lebras@security-corporation.com) Modified 2003-03-27T00:00:00
Description
Vulnerability Description
Sambar Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate path variables upon submission to the create.stm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
Upgrade to version 6.0 beta 1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
Sambar Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate path variables upon submission to the create.stm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Vendor URL: http://www.sambar.com/security.htm
Security Tracker: 1006390
Secunia Advisory ID:8434
Other Advisory URL: http://www.security-corporation.com/advisories-012.html
Nessus Plugin ID:11492
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2003-q1/1190.html
ISS X-Force ID: 11634
Bugtraq ID: 7209
{"edition": 1, "title": "Sambar Server create.stm path Variable XSS", "bulletinFamily": "software", "published": "2003-03-27T00:00:00", "lastseen": "2017-04-28T13:20:00", "modified": "2003-03-27T00:00:00", "reporter": "Gregory Le Bras(gregory.lebras@security-corporation.com)", "viewCount": 26, "href": "https://vulners.com/osvdb/OSVDB:5809", "description": "## Vulnerability Description\nSambar Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate path variables upon submission to the create.stm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nUpgrade to version 6.0 beta 1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nSambar Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate path variables upon submission to the create.stm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/sysuser/docmgr/create.stm?path=[hostile_code] \n\n## References:\nVendor URL: http://www.sambar.com/security.htm\nSecurity Tracker: 1006390\n[Secunia Advisory ID:8434](https://secuniaresearch.flexerasoftware.com/advisories/8434/)\nOther Advisory URL: http://www.security-corporation.com/advisories-012.html\n[Nessus Plugin ID:11492](https://vulners.com/search?query=pluginID:11492)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2003-q1/1190.html\nISS X-Force ID: 11634\nBugtraq ID: 7209\n", "affectedSoftware": [{"name": "Sambar Server", "version": "5.1", "operator": "eq"}, {"name": "Sambar Server", "version": "4.1", "operator": "eq"}, {"name": "Sambar Server", "version": "4.2", "operator": "eq"}, {"name": "Sambar Server", "version": "5.0", "operator": "eq"}, {"name": "Sambar Server", "version": "5.3", "operator": "eq"}, {"name": "Sambar Server", "version": "4.4", "operator": "eq"}, {"name": "Sambar Server", "version": "4.0", "operator": "eq"}, {"name": "Sambar Server", "version": "4.3", "operator": "eq"}, {"name": "Sambar Server", "version": "5.2", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2017-04-28T13:20:00", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:00", "rev": 2}, "vulnersScore": -0.1}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "OSVDB:5809", "immutableFields": []}