VID |
21737 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
WebcamXP is a webcam utility with an integrated HTTP server for Microsoft Windows platforms. WebcamXP PRO version 2.16.468 and earlier versions are vulnerable to cross-site scripting in the chat feature, caused by improper validation of user-supplied input passed to the chat name. A remote attacker could create a malicious URI link that includes hostile HTML and script code. If a victim follows this link, the hostile code may be rendered in the victim's web browser in the security context of the affected web site, which may allow theft of cookie-based authentication credentials or other attacks.
* References:
  http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0393.html
  http://secunia.com/advisories/14999/
  http://www.securiteam.com/windowsntfocus/5IP0B2AA1M.html
* Platforms Affected:
  WebcamXP PRO version 2.16.468 and earlier versions
  Microsoft Windows Any version |
Recommendation |
Upgrade to the latest version of WebcamXP (2.16.478 beta or later), available from the WebcamXP Download Web page at http://www.webcamxp.com/download.html |
Related URL |
CVE-2005-1189 (CVE) |
Related URL |
13250 (SecurityFocus) |
Related URL |
20166 (ISS) |
|