DOINGSOFT-2008-02-11-002 IP Diva VPN SSL many XSS attacks

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: DOINGSOFT-2008-02-11-002 IP Diva VPN SSL many XSS attacks
From: eagle <eagle@xxxxxxxxxxx>
Date: Thu, 14 Feb 2008 21:09:11 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

ID : DOINGSOFT-2008-02-11-002

Discovered : 15/10/2007

Corrected : not knowned, vendors did not response to mail sinceDecembre 2007


Publication :11/02/2008

Credits : Ha.ckers.fr Team

Affected Software  : IPDiva VPNSSL

Versions  :

    * 2.2 branch < 2.2.8.84
    * 2.3 branch < 2.3.2.14

Vulnerability :  XSS vulnerability

Description : The IPDiva Mediation server suffer of a lot of XSSvulnerability. simply vector as <script>alert("Tested byHa.ckers.frTeam");</script> work for example...

Prev by Date: Re: UniversalFtp Server 1.0.44 Multiple Remote Denial of service
Next by Date: scribe 0.2 local file inclusion vulnerability
Previous by thread: UniversalFtp Server 1.0.44 Multiple Remote Denial of service
Next by thread: Re: DOINGSOFT-2008-02-11-002 IP Diva VPN SSL many XSS attacks
Index(es):
- Date
- Thread