PT-2008-3531 · National Rail Enquiries · National Rail Enquiries Live Departure Boards
Publicado
2008-04-29
·
Atualizado
2017-08-08
·
CVE-2008-2011
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
National Rail Enquiries Live Departure Boards gadget version 1.0 and earlier
Description
The issue allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject arbitrary web script or HTML and execute arbitrary code via a response body. This can be achieved by injecting a SCRIPT element that references a vbscript: URI.
Recommendations
For National Rail Enquiries Live Departure Boards gadget version 1.0 and earlier, update to version 1.1 or later to resolve the issue.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
National Rail Enquiries Live Departure Boards