by r0t, der4444, cembo, VietMafia

Wednesday, December 21, 2005

Speartek XSS vuln.

Vuln. discovered by: r0t
Date: 21 Dec. 2005
Affected version: 6.0 and prior

Product Description:

SpearTek's advanced solutions help you optimize the Internet channel to fuel ongoing business success. Our technology enables companies to leverage a single platform to manage content, email marketing and ecommerce applications, easily and cost-effectively. Whether you are a multi-million dollar enterprise or a start-up venture, our solutions advance your business objectives by delivering real return on investment while enhancing the customer experience.

Vuln. Description:

SpearTek contains a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the search module parameters isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Edit the source code to ensure that input is properly sanitised.
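
As an added illustration (not Speartek code and not part of the original advisory), the sketch below shows a search page that echoes its term unencoded next to the same template with output encoding, plus a regression check that flags reflected markup. The parameter name `q`, the host `shop.example`, the page template and the probe string are assumptions constructed for the example; the advisory names none of them.

```javascript
// Added example. The parameter "q" and the template are assumed, not taken
// from the product.

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the search term is echoed as-is into an attribute value and into
// element content, so markup in the term becomes part of the page.
function renderSearchUnsafe(query) {
  return '<form><input name="q" value="' + query + '"></form>' +
         '<p>Results for: ' + query + '</p>';
}

// "After": the same template with the term encoded at output time.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return '<form><input name="q" value="' + q + '"></form>' +
         '<p>Results for: ' + q + '</p>';
}

// Read the (URL-decoded) term from a request URL, as a handler would.
function searchTermFromUrl(url) {
  return new URL(url, 'http://shop.example').searchParams.get('q') || '';
}

// Regression check: strip the template's own tags, then report whether any
// raw markup character is left, i.e. whether the term changed the page structure.
function reflectsMarkup(html) {
  const stripped = html.replace(/<\/?(form|p)>|<input name="q" value="[^"<>]*">/g, '');
  return /[<>"]/.test(stripped);
}

// Constructed probe: a harmless <b> tag preceded by a quote and bracket.
const probe = searchTermFromUrl('/search?q=%22%3E%3Cb%3Eprobe%3C%2Fb%3E');
console.log('unsafe reflects markup:', reflectsMarkup(renderSearchUnsafe(probe)));
console.log('safe reflects markup:  ', reflectsMarkup(renderSearchSafe(probe)));
```

The check can be run against every page that echoes a request parameter; encoding belongs at the point of output and must match the context (element content and quoted attributes here).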


Anonymous jkouns told...

Can you confirm which Speartek product is affected? They appear to have quite a few different products.

Or is the XSS you are referring to only in the search module on the Speartek website?

7:31 AM



Copyright (c) 2006 Pridels Sec Crew