VID: 21667
Severity: 30
Port: 80, ...
Protocol: TCP
Class: CGI
Detailed Description:
Jaws is a framework and content management system for building dynamic web sites, written in PHP. Jaws versions 0.4 through 0.5.1 are vulnerable to multiple cross-site scripting vulnerabilities, caused by improper validation of user-supplied input passed to the term parameter of the index.php script and the term and description parameters of the GlossaryModel.php script. These vulnerabilities could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a victim follows this link, the hostile code may be rendered in the victim's web browser. This would occur in the security context of the affected web site and may allow theft of cookie-based authentication credentials or other attacks.
* References:
  http://secunia.com/advisories/15547/
  http://www.securiteam.com/unixfocus/5RP0M0AFFS.html
  http://seclists.org/lists/fulldisclosure/2005/Apr/0416.html
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034354.html
* Platforms Affected: Jaws versions 0.4 through to 0.5.1; any operating system; any version
Recommendation: Upgrade to the latest version of Jaws (0.5.2 or later), available from the Jaws Web site at http://www.jaws.com
Related URL: CVE-2005-1231, CVE-2005-1800 (CVE)
Related URL: 13254, 13796 (SecurityFocus)
Related URL: 20817, 20241 (ISS)