Expinion.net iNews Publisher Articles.ASP Multiple Cross Site Scripting Vulnerabilities

iNews Publisher is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.

Note: The vendor refutes this issue, stating that the application is not vulnerable to the specified vulnerabilities.


 

Privacy Statement
Copyright 2010, SecurityFocus