Lucene search
K

Embedthis Appweb Web Server 3.2.2-1 Cross Site Scripting

🗓️ 25 Dec 2010 00:00:00Reported by LiquidWormType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 20 Views

Appweb Web Server 3.2.2-1 Remote XSS Vulnerabilit

Code
`  
Embedthis Appweb Web Server 3.2.2-1 (Ejscript) Remote XSS Vulnerability  
  
  
Vendor: Embedthis Software LLC  
Product web page: http://www.appwebserver.org, http://www.ejscript.org  
Version affected: 3.2.2-1  
  
Summary: Appweb has a multi-threaded, event-driven, core to deliver  
exceptional throughput, response and outstanding memory utilization.  
It is compact and will embed using as little as 800K of memory.  
  
Desc: Appweb Web Server suffers from a remote reflected Cross-Site  
Scripting vulnerability when input passed to the Ejscript web  
framework is not properly sanitized, allowing the attacker to  
execute arbitrary HTML and script code in a user's browser  
session and aid in phishing attacks.  
  
Tested on: Microsoft Windows XP Professional SP3 (EN)  
  
Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic  
liquidworm gmail com  
Zero Science Lab - http://www.zeroscience.mk  
  
Advisory ID: ZSL-2010-4985  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4985.php  
  
12.10.2010  
  
  
PoC:  
  
http://localhost/ejs/%3Cscript%3Ealert%281%29%3C/script%3E  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation