ASSETBASE CVE-2017-2134 Cross Site Scripting Vulnerability

ASSETBASE is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

ASSETBASE 8.0 and prior are vulnerable.

Information

Bugtraq ID: 97708
Class: Input Validation Error
CVE: CVE-2017-2134

Remote: Yes
Local: No
Published: Apr 11 2017 12:00AM
Updated: Apr 18 2017 07:08PM
Credit: Keitaro Yamazaki of Kyoto University.
Vulnerable: UCHIDA YOKO ASSETBASE 8.0

Not Vulnerable:

Exploit

Attackers can exploit this issue by enticing a user into following a malicious URI.

References:

ASSETBASE Homepage (ASSETBASE)
JVN#82019695 ASSETBASE vulnerable to cross-site scripting (JPCERT)

Source: www.securityfocus.com

Exploit Collector

Search Exploit