| VID |
27331 |
| Severity |
30 |
| Port |
4274 |
| Protocol |
TCP |
| Class |
P2P |
| Detailed Description |
The Xedus P2P web server is vulnerable to cross-site scripting. Xedus is a peer-to-peer web server for Microsoft Windows platforms that lets users share files, music, and other media. By default the Xedus web server listens for incoming connections on port 4274, although the administrator of the server can change this value. Xedus version 1.0 contains a cross-site scripting vulnerability in its included sample scripts. A remote attacker could send a specially crafted request to the test.x, TestServer.x or testgetrequest.x script that would execute malicious HTML and script code in the victim's web browser.
* References: http://www.securityfocus.com/archive/1/373506 http://packetstormsecurity.nl/0409-exploits/00047-08302004.txt
* Platforms Affected: Jerod Moemeka, Xedus 1.0; Microsoft Windows, any version |
| Recommendation |
No upgrade or patch available as of November 2004.
Remove the sample .x scripts located in the ./sampledocs directory. |
| Related URL |
(CVE) |
| Related URL |
11071 (SecurityFocus) |
| Related URL |
17166 (ISS) |
|