Pattern Insight Multiple Security Vulnerabilities

Pattern Insight is prone to multiple security vulnerabilities:

1. A cross-site request-forgery vulnerability
2. A clickjacking vulnerability
3. A remote privilege-escalation vulnerability
4. Multiple HTML-injection vulnerabilities

Attackers can leverage the privilege-escalation issue to log in as a legitimate user with elevated privileges.

Exploiting these issues may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected application, execute arbitrary script or HTML code within the context of the browser, steal cookie-based authentication credentials, and disclose sensitive information. Other attacks are also possible.


 

Copyright 2010, SecurityFocus