MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the servers IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that The vendor does not consider this a vulnerability.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mysource_classic | Squiz | * | 2.16.2 (including) |
Mysource_matrix | Squiz | * | 3.8 (including) |