[sec-adv] Ceilidh Cross-Site Scripting

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Mon Mar 31 2003 - 05:22:30 CST


TITLE:
Ceilidh Cross-Site Scripting

READ ONLINE:
http://www.secunia.com/advisories/8456/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
From remote

SOFTWARE:
Ceilidh 2.x

DESCRIPTION:
A vulnerability in Ceilidh can be exploited by malicious people to
conduct Cross-Site Scripting attacks against other users.

Due to an input validation error in "testcgi.exe", it is possible to
conduct a Cross-Site Scripting attack against a visitor by
constructing a malicious link, which passes script code to the CGI
script.

When the link is clicked or a user visits a malicious website, the
script code will be executed in the user's browser session. This can
result in disclosure of various information (e.g. cookie-based
authentication information) associated with the site running Ceilidh
or inclusion of malicious content, which the user thinks is part of
the real website.

SOLUTION:
Filter malicious characters in an HTTP proxy.

REPORTED BY / CREDITS:
Gregory Le Bras

ORIGINAL ADVISORY:
French:
http://www.security-corporation.com/index.php?id=advisories&a=013-FR

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------
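
The SOLUTION above asks for filtering in an HTTP proxy. The following is an added example, not part of the Secunia advisory or of Ceilidh: a request check a filtering proxy could apply to "testcgi.exe". The blocked character set, the decode bound, the /cgi-bin/ paths and the function names are assumptions, since the advisory does not name the affected parameter.

```python
from urllib.parse import urlsplit, unquote_plus

# Assumption: characters that let reflected input break out into markup.
BLOCKED = set("<>\"'`")
MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding

def fully_decode(value):
    """Percent-decode until stable so %253C (double-encoded '<') is caught.
    Returns None when the value is still changing after the bound."""
    for _ in range(MAX_DECODE_ROUNDS + 1):
        decoded = unquote_plus(value, encoding="latin-1")
        if decoded == value:
            return value
        value = decoded
    return None

def check_request(target):
    """Return (allowed, reason) for a request target seen by the proxy."""
    parts = urlsplit(target)
    path = fully_decode(parts.path)
    if path is None:
        return False, "path encoded too deeply"
    # .exe CGI paths are matched case-insensitively (assumption).
    if "testcgi.exe" not in path.lower():
        return True, "not the affected script"
    # Script code can arrive in the query string or in extra path info.
    for name, raw in (("path", parts.path), ("query", parts.query)):
        decoded = fully_decode(raw)
        if decoded is None:
            return False, f"{name} encoded too deeply"
        bad = sorted(BLOCKED.intersection(decoded))
        if bad:
            return False, f"{name} contains {''.join(bad)}"
    return True, "clean"

# Constructed sample request targets (harmless markup only).
SAMPLES = [
    "/cgi-bin/testcgi.exe?name=alice",
    "/cgi-bin/testcgi.exe?name=%3Cb%3Ehi%3C/b%3E",
    "/cgi-bin/TestCGI.exe?name=%253Cb%253E",
    "/index.html?q=%3Cb%3E",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(check_request(target), target)
```

Blocking the apostrophe will also reject legitimate values that contain one, so the character set needs tuning to the inputs the site actually accepts.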
