PT-2007-2043 · Unknown · Http Commander

Publicado

2007-01-30

Atualizado

2017-07-29

CVE-2007-0583

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions HTTP Commander versions prior to 6.0

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the LogoffMessage parameter to "logofflast.aspx" or the txtUsername parameter to "Default.aspx".

Recommendations For versions prior to 6.0, consider restricting access to the "logofflast.aspx" and "Default.aspx" endpoints until a fix is available. As a temporary workaround, avoid using the LogoffMessage and txtUsername parameters in the affected API endpoints.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-0583

Produtos afetados

Http Commander

PT-2007-2043 · Unknown · Http Commander

CVE-2007-0583

Identificadores relacionados

Produtos afetados

Referências · 6