| VID |
21425 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Pinnacle ShowCenter has a 'SettingsBase.php' Cross-Site Scripting Vulnerability.
Pinnacle ShowCenter is program designed to play movies, music, and photos from a user's personal computer. Pinnacle ShowCenter version 1.51 build 121 and possibly other versions are vulnerable to cross-site scripting vulnerability, caused by a failure of the application to properly validate user-supplied input in the 'SettingsBase.php' file. A remote attacker could create a specially crafted URL link to the 'SettingsBase.php' scripts containing malicious script code in 'Skin' parameter, and then could persuade a target user to click it. Once the URL is clicked, the embedded codes would be executed in the victim's Web browser. A remote attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=10726
http://securitytracker.com/alerts/2004/Oct/1011686.html
* Platforms Affected:
Pinnacle Systems, Pinnacle ShowCenter version 1.51 build 121 and possibly other versions
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of June 2014.
Upgrade to the new version of Pinnacle ShowCenter, when new version fixed this problem becomes available from the Pinnacle ShowCenter Web Site at http://www.pinnaclesys.com/ProductPage_n.asp?Product_ID=1481&Langue_ID=7 |
| Related URL |
CVE-2004-1700 (CVE) |
| Related URL |
11415 (SecurityFocus) |
| Related URL |
17708 (ISS) |
|
