Vulnerability Note VU#418923
C2 WebResource web interface XSS vulnerability
The C2 WebResource web interface contains a XSS vulnerability.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The C2 WebResource web interface is vulnerable to XSS on the following URL and parameter:
An attacker with access to the C2 WebResource web interface can conduct a cross-site scripting attack, which may be used to result in information leakage, privilege escalation, and/or denial of service.
We are currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|C2Enterprise||Affected||-||02 Apr 2013|
CVSS Metrics (Learn More)
Thank you to the reporter that wishes to remain anonymous.
This document was written by Michael Orlando.
- CVE IDs: CVE-2013-0125
- Date Public: 03 Apr 2013
- Date First Published: 03 Apr 2013
- Date Last Updated: 03 Apr 2013
- Document Revision: 9
If you have feedback, comments, or additional information about this vulnerability, please send us email.