source: https://www.securityfocus.com/bid/39679/info
Ektron CMS400.NET is prone to multiple security vulnerabilities, including multiple cross-site scripting issues, an information-disclosure issue, a cookie-manipulation issue, a directory-traversal issue, a security-bypass issue, and a URI redirection issue.
Attackers can leverage these issues to bypass authentication mechanisms, execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, steal cookie-based authentication credentials, obtain sensitive information, bypass certain security restrictions, and redirect a user to a potentially malicious site; other attacks are also possible.
Ektron CMS400.NET 7.5.2.49 is affected; other versions may also be vulnerable.
The following example URIs are available:
Cross-Site Scripting issue:
http://www.example.com/WorkArea/reterror.aspx?info=<script>alert('vulnerable')</script>
http://www.example.com/workarea/medialist.aspx?action=ViewLibraryByCategory&selectids='; alert('Vulnerable');//
URI Redirection issue:
http://www.example.com/workarea/blankredirect.aspx?http://www.example2.com
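
For defenders reviewing web server logs, the sketch below flags requests that match the three example URI patterns above. It is an added example, not part of the original advisory; the combined access-log format, the label strings and the sample log lines are assumptions, and the character check is deliberately conservative, so a legitimate value containing an apostrophe is flagged too.

```python
import re
from urllib.parse import urlsplit, unquote

# Characters that let a value break out of HTML markup or a JavaScript string.
BREAKOUT = re.compile(r"[<>'\"]")
# Absolute or scheme-relative URL, i.e. a redirect target on another host.
ABSOLUTE_URL = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//", re.I)
# Request line inside a combined-format access-log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def param(query, name):
    # Return the decoded value of parameter `name` in a raw query string, or None.
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key.lower() == name:
            return unquote(value.replace("+", " "))
    return None

def classify(target):
    """Label a request target that matches one of the advisory's patterns, else None."""
    parts = urlsplit(target)
    path = parts.path.lower()  # the advisory shows both WorkArea and workarea
    if path.endswith("/workarea/reterror.aspx"):
        if BREAKOUT.search(param(parts.query, "info") or ""):
            return "xss:reterror.info"
    elif path.endswith("/workarea/medialist.aspx"):
        if BREAKOUT.search(param(parts.query, "selectids") or ""):
            return "xss:medialist.selectids"
    elif path.endswith("/workarea/blankredirect.aspx"):
        # The whole query string is the redirect target in the advisory's example.
        if ABSOLUTE_URL.match(unquote(parts.query)):
            return "redirect:blankredirect"
    return None

def scan(lines):
    """Return (line_number, label) for every log line that classify() flags."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        label = classify(match.group(1)) if match else None
        if label:
            hits.append((number, label))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /WorkArea/reterror.aspx?info=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /workarea/medialist.aspx?action=ViewLibraryByCategory&selectids=%27;%20alert(1);// HTTP/1.1" 200 900',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /workarea/blankredirect.aspx?http://www.example2.com HTTP/1.1" 302 0',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /workarea/medialist.aspx?action=ViewLibraryByCategory&selectids=12,15 HTTP/1.1" 200 900',
]
```

Calling `scan(SAMPLE_LOG)` returns one finding for each of the first three lines and nothing for the fourth, which carries an ordinary numeric `selectids` value.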