HP OpenCall Media Platform Multiple Cross Site Scripting and Remote File Include Vulnerabilities

HP OpenCall Media Platform is prone to multiple cross-site scripting vulnerabilities and a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or of the webserver process. This may allow the attacker to steal cookie-based authentication credentials or obtain potentially sensitive information; other attacks are also possible.

HP OpenCall Media Platform 3.x versions prior to 3.4.2 RP201 and 4.x versions prior to 4.4.7 RP702 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus