Eng

Services

Security Assessment

Website Security Audit

Network Penetration Testing

Solutions

DataCenter GreenZone

Web Application Security

Vulnerability Assessment

Intrusion Protection System

News and Events

Search: Advanced search

server monitoring

WEBppliance ocw_login_username Parameter Cross-Site Scripting Vulnerability

Article ID: 19781

Last updated: 27 Jan, 2009

Print

Email to friend

Views: 476

Posted: 22 Jan, 2009
by: Tech Pubs S.

Updated: 27 Jan, 2009
by: Tech Pubs S.

WEBppliance ocw_login_username Parameter Cross-Site Scripting Vulnerability

This script is Copyright (C) 2005-2007 Tenable Network Security


Family	CGI abuses : XSS
Plugin ID	19781
Bugtraq ID	14836
CVE ID	CVE-2005-3014

Description:
Synopsis : The remote host contains a PHP script that is vulnerable to cross-site scripting attacks. Description : The remote host is running WEBppliance, a web hosting control panel for Windows and Linux from Ensim. The installed version of WEBppliance is prone to cross-site scripting attacks because it fails to sanitize user-supplied input to the ocw_login_username parameter of the login script before using it in dynamically generated webpages. See also : http://membres.lycos.fr/newnst/exploit/Ensim_Autentification_XSS_By_ConcorDHacK.html Solution : Unknown at this time. Risk factor : Medium / CVSS Base Score : 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This article was: Helpful | Not Helpful

Prev		Next
ASP-DEv XM Forum post.asp IMG Tag XSS		dasBlog HTML Injection Vulnerability

server monitoring