PT-2014-2478 · I Doit · I-Doit Open+1

Stephan Rickauer

Publicado

2014-02-11

Atualizado

2014-02-12

CVE-2013-1413

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions i-doit open versions 0.9.9-7 and earlier i-doit pro versions 1.0 and earlier i-doit pro version 1.0.2

Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors due to multiple cross-site scripting (XSS) vulnerabilities. This occurs when the 'sanitize user input' flag is not enabled.

Recommendations For i-doit open versions 0.9.9-7 and earlier, enable the 'sanitize user input' flag to prevent XSS attacks. For i-doit pro versions 1.0 and earlier, enable the 'sanitize user input' flag to prevent XSS attacks. For i-doit pro version 1.0.2, enable the 'sanitize user input' flag to prevent XSS attacks.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2013-1413

Produtos afetados

I-Doit Open

I-Doit Pro

PT-2014-2478 · I Doit · I-Doit Open+1

CVE-2013-1413

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5