OXATIS 2017 suffers from a cross site scripting vulnerability.
693c838fbad503f8603294fa9b6e9ba4Dear Sir or Madam,
A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'EMail' parameter to '/PBSubscribe.asp' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
HTTPCS Advisory : HTTPCS159
Product : OXATIS
Version : 2017
Page : /PBSubscribe.asp
Variables : newsradio=1&EMail=[VulnHTTPCS]
Type : XSS
Method : GET
Description : A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'EMail' parameter to '/PBSubscribe.asp' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
References : <https://www.httpcs.com/advisory/httpcs159> https://www.httpcs.com/advisory/httpcs159
Credit : HTTPCS [Web Vulnerability Scanner]
------------------------------------------------------
*For your security no information will be communicated before the update.
------------------------------------------------------
Cordialement,
Support Client HTTPCS
Support Technique : +33.805.693.333
Support Commercial : +33.805.693.333
Fax : +33.4.11.93.45.04
Email: <mailto:[email protected]> [email protected]
Du lundi au vendredi : 9h - 19h
<https://mandrillapp.com/track/open.php?u=30841549&id=a659e4dcc20947548e0e76e4ad409c55>