Kbase P28236: Cross Site Scripting can be use to exploit WebSpeed messenger
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
07/10/2009 |
|
Status: Verified
SYMPTOM(s):
Cross Site Scripting can be use to exploit WebSpeed messenger
Cross Site Scripting can be used to exploit WebSpeed applications
WebSpeed is vulnerable with Cross Site Scripting
WebSpeed can be exploited with Cross Site Scripting
WebSpeed CGIIP messenger have cross site scripting problems
Adding script in WebSpeed URL causes the script to execute
FACT(s) (Environment):
This could potentially be exploited for malicious uses.
WebSpeed 3.x
All Supported Operating Systems
CAUSE:
Bug# OE00091638
FIX:
Upgrade the WebSpeed messenger to OpenEdge 10.0A or later. The OE 10 messenger will work with WebSpeed 3.x WebSpeed transaction server.