• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Plumtree Corporate Portal Cross Site Scripting Vulnerability

Plumtree Corporate Portal is a portal package designed to provide a comprehensive framework for a large corporate intranet. It includes support for personalization, and can be used to link together web and legacy applications and help distribute and organize information.

The script error.asp, used to process error messages, is vulnerable to a cross site scripting attack. A malicious user may link to this script and include javascript code in the Description parameter, which will then be executed in the context of the error page. Further information disclosure may result from exploitation of this vulnerability.