Professional Webmasters Community
Would you like to react to this message? Create an account in a few clicks or log in to continue.
Professional Webmasters Community

your are free to explore your reviews, thoughts, suggestion and guidelines on every online tech talk.


PowerStore™ 3 XSS vuln.

Professional Webmasters Community :: Webmaster Speak :: Tech Talk

Go down

PowerStore™ 3 XSS vuln. Empty PowerStore™ 3 XSS vuln.

Post  andry Mon Oct 18, 2010 12:50 am

##############################################
Date: 09 September 2010
vendor:http://www.webassist.com/php-scripts-and-solutions/powerstore/
affected versions:PowerStore™ 3 and other
versions also can be affected.
###############################################

PowerStore™ 3 contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "totalRows_WADAProducts" parameter in "Products_Results.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
##############################################

Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################
andry
andry
Moderator
Moderator

Posts : 467
Join date : 2010-05-07

Back to top Go down

Back to top

- Similar topics

Professional Webmasters Community :: Webmaster Speak :: Tech Talk

 
Permissions in this forum:
You cannot reply to topics in this forum