{"lastseen": "2017-11-19T14:41:34", "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2014-07-01T00:00:00", "status": "poc", "enchantments": {"score": {"value": -0.4, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.4}, "href": "https://www.seebug.org/vuldb/ssvid-78395", "references": [], "enchantments_done": [], "id": "SSV:78395", "title": "OpenWFE 1.4.x Remote Cross-Site Scripting And Connection Proxy Vulnerabilities", "bulletinFamily": "exploit", "reporter": "Root", "cvelist": [], "viewCount": 4, "sourceData": "\n source: http://www.securityfocus.com/bid/11514/info\r\n\r\nOpenWFE is affected by a cross-site scripting and connection proxy vulnerability. These issues are due to a failure of the application to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage the cross-site scripting issue to steal cookie-based authentication credentials as well as carry out other attacks by executing client-based script code in an unsuspecting user's browser. An attacker may leverage the connection proxy issue to scan arbitrary network computers anonymously, facilitating further attacks.\r\n\r\nTo leverage the cross-site scripting issue:\r\nrmi://www.example.com:7080/workSessionServer"><script>alert(document.cookie)</script>\r\n\r\nTo leverage the connection proxy issue:\r\nrmi://<targetHostName>:<targetPort>/workSessionServer\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-78395", "type": "seebug", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645279996, "score": 1659785532, "epss": 1678848988}}
OpenWFE 1.4.x Remote Cross-Site Scripting And Connection Proxy Vulnerabilities