KnowledgeView Editorial and Management application contains a reflected cross-site scripting (XSS) vulnerability (CWE-79).
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
KnowledgeView Editorial and Management application contains a reflected cross-site scripting vulnerability that can allow an attacker to inject arbitrary HTML content (including script) via the vulnerable query string parameter username.
A remote unauthenticated attacker can conduct a cross-site scripting attack, which may result in information leakage, privilege escalation, and/or denial of service.
We are currently unaware of a practical solution to this problem. Please consider the following workaround.
Thanks to Ali Hussein of Help AG Middle East for reporting this vulnerability.
This document was written by Adam Rauf.
|Date First Published:|2013-09-23|
|Date Last Updated:|2013-09-23 15:32 UTC|