OXATIS 2017 Cross Site Scripting

CVE	Category	Price	Severity
CVE-2017-14955	CWE-79	$500	High

Author	Risk	Exploitation Type	Date
Unknown	High	Remote	2017-04-25

CPE
cpe:cpe:/a:oxatis:-

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017040170

Below is a copy:

OXATIS 2017 Cross Site ScriptingDear Sir or Madam,
A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'EMail' parameter to '/PBSubscribe.asp' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

HTTPCS Advisory : HTTPCS159

Product : OXATIS

Version : 2017

Page : /PBSubscribe.asp

Variables : newsradio=1&EMail=[VulnHTTPCS]

Type : XSS

Method : GET

Description : A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'EMail' parameter to '/PBSubscribe.asp' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

References :  <https://www.httpcs.com/advisory/httpcs159> https://www.httpcs.com/advisory/httpcs159

Credit : HTTPCS [Web Vulnerability Scanner]

------------------------------------------------------
*For your security no information will be communicated before the update.
------------------------------------------------------
Cordialement,

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum