OXATIS 2017 Cross Site Scripting

Dear Sir or Madam,
A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'EMail' parameter to '/PBSubscribe.asp' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
HTTPCS Advisory : HTTPCS159
Product : OXATIS
Version : 2017
Page : /PBSubscribe.asp
Variables : newsradio=1&EMail=[VulnHTTPCS]
Type : XSS
Method : GET
Description : A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'EMail' parameter to '/PBSubscribe.asp' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
References : https://www.httpcs.com/advisory/httpcs159
Credit : HTTPCS [Web Vulnerability Scanner]
------------------------------------------------------
*For your security no information will be communicated before the update.
------------------------------------------------------
Kind regards,
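
Added example, not part of the HTTPCS advisory: for a site operator checking whether the reported page has been probed, this Python sketch scans access-log lines for GET requests to /PBSubscribe.asp whose EMail value does not look like an e-mail address once percent-encoding, including nested encoding, is undone. The combined log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET_PATH = "/pbsubscribe.asp"  # page named in the advisory, compared case-insensitively
PARAM = "email"                   # parameter named in the advisory
# Conservative address shape; any other EMail value is reported for review.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
REQUEST_RE = re.compile(r'"GET (\S+) HTTP/[\d.]+"')  # advisory lists method GET

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for each non-address EMail value."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.lower() != TARGET_PATH:
            continue
        # parse_qs performs the first decoding round ('+' becomes a space here only).
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            if name.lower() != PARAM:
                continue
            for value in values:
                decoded = fully_decode(value)
                if decoded and not EMAIL_RE.match(decoded):
                    hits.append((number, decoded))
    return hits

# Constructed sample lines (documentation IP range, harmless markup only).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2017:10:00:00 +0000] "GET /PBSubscribe.asp?newsradio=1&EMail=alice%40example.com HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2017:10:00:05 +0000] "GET /PBSubscribe.asp?newsradio=1&EMail=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2017:10:00:09 +0000] "GET /pbsubscribe.asp?newsradio=1&email=%253Cb%253Ex HTTP/1.1" 200 530',
    '203.0.113.7 - - [01/Jan/2017:10:00:12 +0000] "GET /index.asp?EMail=%3Cb%3E HTTP/1.1" 200 100',
]
```

A hit means the value deserves review, not that the request succeeded; mistyped addresses are flagged as well.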