Network Security News – Tuesday, December 13, 2005 Events
Scout Portal Toolkit SPT–Advanced.php Multiple Field XSS
Scout Portal Toolkit (SPT) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple unspecified fields upon submission to the SPT–Advanced.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21631
Scout Portal Toolkit SPT–AdvancedSearch.php Multiple Variable XSS
Scout Portal Toolkit (SPT) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'F_SearchCat1', 'F_TextField1', 'F_SearchCat2', 'F_TextField2', 'F_SearchCat3', 'F_TextField3', 'F_SearchCat4', 'F_TextField4', 'ResourceType', 'Language', 'Audience', or 'Format' variables upon submission to the SPT–AdvancedSearch.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21635
Scout Portal Toolkit SPT–UserLogin.php Multiple Variable XSS
Scout Portal Toolkit (SPT) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'F_UserName' or 'F_Password' variables upon submission to the SPT–UserLogin.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21634