by r0t,der4444,cembo,VietMafia

Wednesday, December 21, 2005

Speartek XSS vuln.

Vuln. discovered by: r0t
Date: 21 Dec. 2005
Vendor: http://www.speartek.com
Affected version: 6.0 and prior


Product Description:

SpearTek's advanced solutions help you optimize the Internet channel to fuel ongoing business success. Our technology enables companies to leverage a single platform to manage content, email marketing and ecommerce applications, easily and cost-effectively. Whether you are a multi-million dollar enterprise or a start-up venture, our solutions advance your business objectives by delivering real return on investment while enhancing the customer experience.


Vuln. Description:

SpearTek contains a flaw that allows a remote cross-site scripting attack. This flaw exists because input passed to the search module parameters isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution:
Edit the source code to ensure that input is properly sanitised.
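
One way to apply this fix, as an added example that is not from the advisory or the vendor's code: a search results page that echoes the search term, first unescaped and then with output encoding chosen for each context. The parameter name `q`, the `/search` path and the function names are assumptions, since the advisory does not name the affected parameters.

```python
import html
from urllib.parse import parse_qs, quote

# Hypothetical parameter name; the advisory does not name the affected ones.
SEARCH_PARAM = "q"
MAX_TERM_LEN = 200  # assumed limit for a search term


def _search_term(query_string: str) -> str:
    """Return the decoded search term from a raw query string."""
    return parse_qs(query_string).get(SEARCH_PARAM, [""])[0]


def render_results_unsafe(query_string: str) -> str:
    """The flawed pattern: the term is returned to the user as-is."""
    term = _search_term(query_string)
    return (
        f'<input name="{SEARCH_PARAM}" value="{term}">'
        f"<p>Results for: {term}</p>"
    )


def render_results_safe(query_string: str) -> str:
    """Encode the term for every context it is written into."""
    term = _search_term(query_string)[:MAX_TERM_LEN]
    # HTML text and quoted attribute values: escape & < > " '
    as_html = html.escape(term, quote=True)
    # URL component inside a link: percent-encode everything reserved
    as_url = quote(term, safe="")
    return (
        f'<input name="{SEARCH_PARAM}" value="{as_html}">'
        f"<p>Results for: {as_html}</p>"
        f'<a href="/search?{SEARCH_PARAM}={as_url}&amp;page=2">Next</a>'
    )


# Constructed test input: a term that closes the attribute and opens a tag.
SAMPLE = SEARCH_PARAM + "=" + quote('"><script>alert(1)</script>')

if __name__ == "__main__":
    print(render_results_unsafe(SAMPLE))
    print(render_results_safe(SAMPLE))
```

The safe renderer can double as a regression check: feed each search parameter a term containing `"`, `<` and `>` and confirm none of them appear unencoded in the response.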

1 Comment:

Anonymous jkouns told...

Can you confirm which Speartek product is affected? They appear to have quite a few different products.

Or is the XSS you are referring to only in the search module on the Speartek website?
http://www.speartek.com/Content/453.htm

7:31 AM

 

Copyright (c) 2006 Pridels Sec Crew