Maxwebportal 1.3x - 'down.asp' HTTP_REFERER Cross-Site Scripting

EDB-ID:

23676




Platform:

ASP

Date:

2004-02-10


source: https://www.securityfocus.com/bid/9625/info

It has been reported that MaxWebPortal may be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied input. The specific issues include cross-site scripting, HTML injection and SQL injection.

MaxWebPortal versions prior to 1.32 have been reported to be prone to these issues.

<a href="<% =Request.ServerVariables("HTTP_REFERER") %>">Back</font></a></p>