• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Unobtrusive AJAX Star Rating Bar Multiple Input Validation Vulnerabilities

Unobtrusive AJAX Star Rating Bar is prone to input-validation vulnerabilities, including an SQL-injection issue, a security-bypass issue, and a cross-site scripting issue, because the application fails to sanitize user-supplied input.

A successful exploit may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and bypass certain security restriction to inject arbitrary HTTP header and body data.

Versions prior to Unobtrusive AJAX Star Rating Bar 1.2.0 are affected.