Ecometry SGDynamo 5.32/6.1/7.0 Cross-Site Scripting Vulnerability

2014-07-01T00:00:00
ID SSV:75272
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/4720/info

SGDynamo is a web application engine for Microsoft Windows operating systems.

Script code is not filtered from URL parameters that are used as output by the SGDynamo program. This may enable an attacker to inject script code into a malicious link to the program. The script code will be executed in the browser of a user who visits the link, in the context of the site running the program.

This may enable the attacker to steal cookie-based authentication credentials from legitimate users.

http://target/sgdynamo.exe?HTNAME=<script>alert("test")</script>