[VIM] [Fwd: Speartek XSS vuln.]

jkouns jkouns at opensecurityfoundation.org
Sat Dec 31 01:13:49 EST 2005


I was just looking at OSVDB 22068: Speartek Search Module XSS

          CVE ID:  2005-4493
      Bugtraq ID:  16018
FrSIRT Advisory:  ADV-2005-3052

I was trying to figure out which one of the applications or demos he 
found this XSS in:
http://www.speartek.com/content/521.htm

While looking around I saw the Search Module on the site:
http://www.speartek.com/Content/453.htm

It appears that this is a site specific vuln on the website and not a 
vuln in the "Speartek" product or one of the other products....

I then did a quick search in OSVDB on "Search Module XSS".... and it 
looks like almost all of them that do not have specific script 
information may actually be site specific vulns and not vulns in 
products...  even though he lists version numbers.

We have a policy at OSVDB that we do not add site specific vulns... so I 
would like to determine if these are real vulns in products or just r0t 
finding XSS vulns on company websites.

Thoughts?
--Jake

-------- Original Message --------
Subject: 	[OSVDB Mods] Speartek XSS vuln.
Date: 	Wed, 21 Dec 2005 16:34:02 +0100
From: 	Support Service <krustevs at googlemail.com>
To: 	moderators at osvdb.org



Speartek XSS vuln.

Vuln. discovered by : r0t
Date: 21 dec. 2005
original advisory:http://pridels.blogspot.com/2005/12/speartek-xss-vuln.html
vendor:http://www.speartek.com
affected version:6.0 and prior


Product Description:

SpearTek's advanced solutions help you optimize the Internet channel to
fuel ongoing business success. Our technology enables companies to
leverage a single platform to manage content, email marketing and
ecommerce applications, easily and cost-effectively. Whether you are a
multi-million dollar enterprise or a start-up venture, our solutions
advance your business objectives by delivering real return on investment
while enhancing the customer experience.


Vuln. Description:

SpearTek contains a flaw that allows a remote cross site scripting
attack. This flaw exists because input passed to search module parameters
isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would
execute arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of integrity.

Solution:
Edit the source code to ensure that input is properly sanitised.