Sun Solaris AnswerBook2 Multiple Cross-Site Scripting Vulnerabilities

Sun Solaris AnswerBook2 Multiple Cross-Site Scripting Vulnerabilities

Sun Solaris AnswerBook2 is reported prone to multiple cross-site scripting vulnerabilities. These issues arise due to insufficient sanitization of user-supplied data facilitating execution of arbitrary HTML and script code in a user's browser.

The following specific issues were identified:

It is reported that the Search function of the application is affected by a cross-site scripting vulnerability.

The AnswerBook2 admin interface is prone to cross-site scripting attacks as well.

These issues can lead to theft of cookie based credentials and other attacks.

AnswerBook2 1.4.4 and prior versions are affected by these issues.