• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Xigla Software Multiple Scripts SQL Injection and Cross-Site Scripting Vulnerabilities

Multiple Xigla Software products are prone to cross-site scripting vulnerabilities and SQL-injection vulnerabilities because the applications fail to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect the following Xigla Software products:

Absolute Live Support XE 5.1
Absolute News Manager XE 3.2
Absolute Banner Manager XE
Absolute Form Processor XE 4.0
Absolute Image Gallery XE
Absolute Poll Manager XE
Absolute Control Panel XE