Secunia
Release Date: 2012-02-20
Last Update: 2012-10-01
Where:
From remote
Impact:
Cross Site Scripting
Solution Status:
Vendor Patch
CVE Reference(s):
Multiple vulnerabilities have been reported in F*EX (Frams's Fast File EXchange), which can be exploited by malicious people to conduct cross-site scripting attacks.
1) Input passed via the "id" parameter to /fup is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This vulnerability is reported in versions 20100208 and 20111129-2.
2) Input passed via the "to" and "from" POST parameters to /fup is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This vulnerability is reported in version 20100208.
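Both issues above are reflected request parameters returned without output encoding; the fix pattern is to validate each field against an allow-list and encode it at the point of output. The Python below is an added illustration, not F*EX code: the field formats, the function names `validate` and `render_upload_form`, the HTML layout and the sample request are assumptions.

```python
import html
import re

# Assumed formats (not taken from F*EX): an opaque token for "id" and a
# simple address shape for "to"/"from".
ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
ADDR_RE = re.compile(r"[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9.-]{1,255}")
RULES = {"id": ID_RE, "to": ADDR_RE, "from": ADDR_RE}

# Constructed sample request carrying markup in two of the three fields.
SAMPLE = {
    "id": '"><b>injected</b>',
    "to": "alice@example.org",
    "from": "<i>x</i>@example.org",
}


def validate(params):
    """Return the names of supplied fields that fail their allow-list pattern."""
    return [name for name, rx in RULES.items()
            if name in params and not rx.fullmatch(params[name])]


def render_upload_form(params):
    """Reflect id/to/from into an HTML fragment with output encoding.

    Every value goes through html.escape(quote=True), so it stays inert as
    element text and inside a double-quoted attribute even when validation
    rejected it and the form is redisplayed with the user's input.
    """
    esc = {k: html.escape(params.get(k, ""), quote=True) for k in RULES}
    bad = validate(params)
    note = ""
    if bad:
        note = '<p class="error">Invalid: %s</p>\n' % html.escape(", ".join(bad))
    return (
        note
        + '<form method="post" action="/fup">\n'
        + '  <input type="hidden" name="id" value="%s">\n' % esc["id"]
        + '  <input name="to" value="%s">\n' % esc["to"]
        + '  <input name="from" value="%s">\n' % esc["from"]
        + "</form>\n"
    )


if __name__ == "__main__":
    print(render_upload_form(SAMPLE))
```

Validation alone is not sufficient here, because a rejected value is still echoed back to the user; the encoding step is what keeps it inert.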
Solution:
Update to version 20120215.
Provided and/or discovered by:
muuratsalo
Original Advisory:
http://seclists.org/oss-sec/2012/q1/att-441/FEX_20100208.txt
http://seclists.org/oss-sec/2012/q1/att-441/FEX_20111129-2.txt
Subject: F*EX Multiple Cross-Site Scripting Vulnerabilities