CVE-2006-4964

Properties

Published: 22.09.2006
Updated: 28.09.2006
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product: MAXdev: MD-Pro

Vulnerability description

Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker.

References:

http://jvn.jp/jp/JVN%2346630603/index.html
http://www.maxdev.com/Article605.phtml
http://www.maxdev.com/Downloads-index-req-dldet-lid-497-ttitle-Security_fix_for_MDPro_1.076.phtml
BID: http://www.securityfocus.com/bid/20133
FRSIRT: http://www.frsirt.com/english/advisories/2006/3732
SECUNIA: http://secunia.com/advisories/22050