Written by Isfahan University of Technology - Computer Emergency Response Team
Tuesday, 03 March 2009 22:02
Yektaweb Academic Web Tools CMS Multiple Cross Site Scripting Vulnerabilities
Class: Input Validation Error
Published: Mar 02 2009 12:00AM
Updated: Mar 03 2009 06:26PM
Credit: Isfahan University of Technology - Computer Emergency Response Team
Vulnerable:
Yektaweb Academic Webtools CMS 1.5.7
Yektaweb Academic Webtools CMS 18.104.22.168
Yektaweb Academic Web Tools CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.
Academic Web Tools CMS 1.5.7 is vulnerable; other versions may also be affected.
An attacker can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.
The following example URIs are available:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: