Check Point Advisories

Update Protection against Novell QuickFinder Server Multiple Cross Site Scripting

Check Point Reference: CPAI-2009-077
Date Published: 30 Apr 2009
Severity: Medium
Last Updated: Thursday 30 April, 2009
Source: Secunia Advisory: SA33886
Industry Reference:

CVE-2009-0611

Protection Provided by:
Who is Vulnerable?
Vulnerability Description
A cross-site scripting vulnerability was reported in Novell QuickFinder Server, a site-specific search engine. The flaw is due to a lack of validation of user-supplied input data. An attacker can leverage this flaw to execute arbitrary HTML and script code in a target user's web browser, within the context of a trusted web site. This can allow an attacker to gain read and write access to the user's cookies and other sensitive information.
Update/Patch Available
The vendor has not released an advisory addressing this vulnerability.
Vulnerability Details
Novell QuickFinder Server is a site-specific search engine that allows users to search public and private sites, partners' sites and any number of additional Web sites across the Internet, all from a single search interface on one Web site. The vulnerability is due to insufficient validation of URL requests. This could allow JavaScript code to execute in the target user's browser within the security context of the target web site.

Protection Overview
