Speartek XSS vuln.

2005-12-21T00:00:00
ID SECURITYVULNS:DOC:10756
Type securityvulns
Reporter Securityvulns
Modified 2005-12-21T00:00:00

Description

Speartek XSS vuln.

Vuln. discovered by : r0t Date: 21 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/speartek-xss-vuln.html vednor:http://www.speartek.com affected version:6.0 and prior

Product Description:

SpearTek's advanced solutions help you optimize the Internet channel to fuel ongoing business success. Our technology enables companies to leverage a single platform to manage content, email marketing and ecommerce applications, easily and cost-effectively. Whether you are a multi-million dollar enterprise or a start-up venture, our solutions advance your business objectives by delivering real return on investment while enhancing the customer experience.

Vuln. Description:

SpearTek contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to search module paremters isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution: Edit the source code to ensure that input is properly sanitised.