Home / exploits OXATIS Cross Site Scripting
Posted on 10 March 2014
HTTPCS Advisory : HTTPCS125 Product : OXATIS Version : Date : 2014-03-07 Criticality level : Less Critical Description : A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'EMSJ' parameter to '/EmailPopupWnd.asp' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Page : /EmailPopupWnd.asp Variables : EMSJ=[VulnHTTPCS] Type : XSS Method : GET Solution : References : https://www.httpcs.com/en/advisory/httpcs125 Credit : HTTPCS [Web Vulnerability Scanner]
