Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ProCheckUp Security Advisory 2009.19

🗓️ 29 Jan 2010 00:00:00Reported by ProCheckUpType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 20 Views

PR09-19: Cross-Site Scripting (XSS) on Commonspot server. Vulnerability found on 17th December 2009. Successfully tested on Commonspot server

Code
`PR09-19: Cross-Site Scripting (XSS) on CommonSpot server  
  
Vulnerability found: 17th December 2009  
  
Vendor informed: 18th December 2009  
  
Severity: Medium  
  
Successfully tested on: Commonspot server  
  
http://www.paperthin.com/  
  
  
Description:  
  
Commonspot server is vulnerable to a vanilla XSS  
  
Vulnerable server-side script: 'commonspot/utilities/longproc.cfm'  
  
Unfiltered parameter: 'arbitrary'  
  
  
Notes:  
  
  
Simple XSS Proof of Concept (PoC) URL:  
  
https://target-domain.foo/commonspot/utilities/longproc.cfm?onlyurlvars=1&url=%27;--%3E%3C/script%3E%3Cscript%3Ealert%281%29%3C/script%3E  
  
  
Consequences:  
  
An attacker may be able to cause execution of malicious scripting code  
in the browser of a victim user who clicks on a link to a CommonSpot server.  
  
This type of attack can result in non-persistent defacement of the  
target site, or the redirection of confidential information (i.e.:  
session IDs or passwords) to unauthorised third parties.  
  
  
  
Credits: found by Richard Brain & Jan Fry - ProCheckUp Ltd  
(www.procheckup.com).  
  
Legal:  
  
Copyright 2009 Procheckup Ltd. All rights reserved.  
  
Permission is granted for copying and circulating this Bulletin to the  
Internet community   
for the purpose of alerting them to problems, if and only if, the  
Bulletin is not edited   
or changed in any way, is attributed to Procheckup, and provided such  
reproduction and/or   
distribution is performed for non-commercial purposes.  
  
  
Any other use of this information is prohibited. Procheckup is not  
liable for any misuse of this information by any third party.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Jan 2010 00:00Current
0.4Low risk
Vulners AI Score0.4
cross-site scriptingcommonspot servervulnerabilityprocheckupnon-persistent defacementrichard brainjan fry
20