ID OSVDB:9267 Type osvdb Reporter OSVDB Modified 2004-08-24T09:02:52
Description
Vulnerability Description
Novell iChain contains a undisclosed flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input passed to the webserver upon submission to an undisclosed script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server allowing the user to possibly steal login credentials, leading to a loss of integrity.
Solution Description
Currently, there are no known workarounds or upgrades to correct this issue. However, Novell has released a patch to address this vulnerability.
Short Description
Novell iChain contains a undisclosed flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input passed to the webserver upon submission to an undisclosed script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server allowing the user to possibly steal login credentials, leading to a loss of integrity.
{"title": "Novell iChain Login Credential XSS", "published": "2004-08-24T09:02:52", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 4.8, "vector": "NONE", "modified": "2017-04-28T13:20:04", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-2580"]}], "modified": "2017-04-28T13:20:04", "rev": 2}, "vulnersScore": 4.8}, "cvelist": ["CVE-2004-2580"], "viewCount": 2, "affectedSoftware": [{"version": "2.3", "name": "iChain", "operator": "eq"}], "id": "OSVDB:9267", "modified": "2004-08-24T09:02:52", "href": "https://vulners.com/osvdb/OSVDB:9267", "edition": 1, "description": "## Vulnerability Description\nNovell iChain contains a undisclosed flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input passed to the webserver upon submission to an undisclosed script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server allowing the user to possibly steal login credentials, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Novell has released a patch to address this vulnerability.\n## Short Description\nNovell iChain contains a undisclosed flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input passed to the webserver upon submission to an undisclosed script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server allowing the user to possibly steal login credentials, leading to a loss of integrity.\n## References:\nSecurity Tracker: 1011074\n[Secunia Advisory ID:12366](https://secuniaresearch.flexerasoftware.com/advisories/12366/)\n[Related OSVDB ID: 9268](https://vulners.com/osvdb/OSVDB:9268)\n[Related OSVDB ID: 9269](https://vulners.com/osvdb/OSVDB:9269)\n[Related OSVDB ID: 9266](https://vulners.com/osvdb/OSVDB:9266)\nOther Advisory URL: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2969621.htm\nISS X-Force ID: 17133\n[CVE-2004-2580](https://vulners.com/cve/CVE-2004-2580)\nBugtraq ID: 11061\n", "bulletinFamily": "software", "reporter": "OSVDB", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/", "score": 5.8}, "lastseen": "2017-04-28T13:20:04", "immutableFields": []}
