M-TECH P-Synch Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

M-TECH P-Synch Cross-Site Scripting Vulnerability

P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running P-Synch.

This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.