Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> CGI abuses : XSS >> DCP-Portal XSS

Vulnerability Assessment Details

DCP-Portal XSS

Vulnerability Assessment Summary
Check for DCP-Portal XSS flaws

Detailed Explanation for this Vulnerability Assessment

You are running a version of DCP-Portal which is older or equals to v5.3.2

This version is vulnerable to:

- Cross-site scripting flaws in calendar.php script, which may let an
attacker to execute arbitrary code in the browser of a legitimate user.

In addition to this, your version may also be vulnerable to:

- HTML injection flaws, which may let a possible hacker to inject hostile
HTML and script code that could permit cookie-based credentials to be stolen
and other attacks.

- HTTP response splitting flaw, which may let a possible hacker to influence
or misrepresent how web content is served, cached or interpreted.

See also : http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0131.html

Solution : Upgrade to a newer version when available
Network Security Threat Level: Medium

Networks Security ID: 7141, 7144, 11338, 11339, 11340

Vulnerability Assessment Copyright: This script is Copyright (C) 2003 k-otik.com & Copyright (C) 2004 David Maciejak

Cables, Connectors