Certec EDV GmbH atvise scada Cross Site Scripting and HTTP Header Injection Vulnerabilities

Certec EDV GmbH atvise scada is prone to a cross-site scripting vulnerability and an HTTP header-injection vulnerability.

An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The header-injection issue may allow the attacker to insert a crafted HTTP header into an HTTP response, which could cause web server cache poisoning. These issues may aid in further attacks.

Versions prior to atvise 3.1 are vulnerable.


 

Copyright 2010, SecurityFocus