Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Webcheck | Webcheck | * | 1.9.5 (including) |
| Webcheck | Webcheck | 1.9.0 (including) | 1.9.0 (including) |
| Webcheck | Webcheck | 1.9.1 (including) | 1.9.1 (including) |
| Webcheck | Webcheck | 1.9.2 (including) | 1.9.2 (including) |
| Webcheck | Webcheck | 1.9.3 (including) | 1.9.3 (including) |
| Webcheck | Webcheck | 1.9.4 (including) | 1.9.4 (including) |
| Webcheck | Ubuntu | dapper | * |
| Webcheck | Ubuntu | devel | * |
| Webcheck | Ubuntu | edgy | * |
| Webcheck | Ubuntu | feisty | * |
| Webcheck | Ubuntu | gutsy | * |
| Webcheck | Ubuntu | hardy | * |
| Webcheck | Ubuntu | intrepid | * |
| Webcheck | Ubuntu | jaunty | * |
| Webcheck | Ubuntu | karmic | * |
References
- http://ch.tudelft.nl/~arthur/webcheck/news.html#20060130
- http://secunia.com/advisories/19309
- http://www.securityfocus.com/bid/17212
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25428
- http://ch.tudelft.nl/~arthur/webcheck/news.html#20060130
- http://secunia.com/advisories/19309
- http://www.securityfocus.com/bid/17212
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25428