Loganalyzer Cross Site Scripting Vulnerability in oracle_query paramater
A cross-site scripting vulnerability in the oracle_query parameter of the asktheoracle.php page was brought to our attention by Mohd Izhar Bin Ali.
We thank then for giving us the chance to fix this issue before
releasing information into the public. More details about the
vulnerabilities can be found in this security advisory.
Affected Stable Versions:
Stable branch up to v3.6.0 (inclusive)
Fix:
Update to 3.6.1 or higher (if available)
Cross Site Scripting
Short Description:
A cross-site scripting vulnerability existed in the asktheoracle.php page. An attacker could use it to execute arbitrary HTML and Script code by using the oracle_query parameter.
Potential Impact:
An attacker could use prepared links to include and run scripts within the context of LogAnalyzer on the users browser.
Credits:
We want to thank Mohd Izhar Bin Ali for identifying these issues and
working with us in resolving it. More details can be found in their
advisory.
Thursday, December 20, 2012
Subscribe to:
Post Comments (Atom)
4 comments:
Really this is one of the most valuable article regarding Network Security Solutions. Thanks a lot for sharing your info.
Security service provider in Kerala
123movies We are amongst the Best Mobile App Development Company in Mumbai that offer IOS, Android Mobile Application Development services that look Great and act Smart.
Keep sharing such amazing blogs. Our Penetration Testing firm offers professional cyber security consulting services. Hire cyber security professionals today!
vulnerability assessment
It is really very helpful for us and I have gathered some important information from this blog.
Vulnerability assessment and penetration testing services
Post a Comment