Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sandsurfer | Xperience | 1.6.2 (including) | 1.6.2 (including) |
| Sandsurfer | Xperience | 1.6.3 (including) | 1.6.3 (including) |
| Sandsurfer | Xperience | 1.6.4 (including) | 1.6.4 (including) |
| Sandsurfer | Xperience | 1.6.5 (including) | 1.6.5 (including) |
| Sandsurfer | Xperience | 1.7.0 (including) | 1.7.0 (including) |
References
- http://secunia.com/advisories/11028
- http://sourceforge.net/forum/forum.php?forum_id=356882
- http://www.osvdb.org/4132
- http://www.securityfocus.com/bid/9801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15377
- http://secunia.com/advisories/11028
- http://sourceforge.net/forum/forum.php?forum_id=356882
- http://www.osvdb.org/4132
- http://www.securityfocus.com/bid/9801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15377