Cross site scripting

2008-07-3017:41:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.4%

JSON

Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web Wiz Rich Text Editor (RTE) 3.x and 4.x before 4.03 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

CPENameOperatorVersion
web_wiz_rich_text_editorle4.02
web_wiz_rich_text_editoreq4.01
web_wiz_rich_text_editoreq3
web_wiz_rich_text_editoreq4.0

Name	Operator	Version
web_wiz_rich_text_editor	le	4.02
web_wiz_rich_text_editor	eq	4.01
web_wiz_rich_text_editor	eq	3
web_wiz_rich_text_editor	eq	4.0

References

depo2.nm.ru/WebWiz_Rich_Text_Editor_v4.02_XSS.txt

secunia.com/advisories/31272

securityreason.com/securityalert/4055

www.securityfocus.com/archive/1/494822/100/0/threaded

www.securityfocus.com/bid/30408

www.vupen.com/english/advisories/2008/2210/references