Update Protection against Novell QuickFinder Server Multiple Cross Site Scripting
| Check Point Reference: | CPAI-2009-077 | |
| Date Published: | ||
| Preemptive Since: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA33886 | |
| Industry Reference(s): | ||
| Protection Provided by: |
IPS-1
|
|
| Who is Vulnerable? | ||
| Vulnerability Description A cross-site scripting vulnerability was reported in Novell QuickFinder Server, a site-specific search engine. The flaw is due to lack of validation of user supplied input data. An attacker can leverage this flaw to execute arbitrary HTML and script code on target user's web browser, within the context of a trusted web site. This can allow an attacker to gain read and write access to user's cookies and other sensitive information. |
||
|
Update/Patch Available The vendor has not released an advisory addressing this vulnerability. |
|
|
Vulnerability Details Novell QuickFinder Server is a site-specific search engine that allows users to search the public and private sites, partners' sites and any number of additional Web sites across the Internet, all from a single search interface on one Web site. The vulnerability is due to insufficient validation of URL requests. This could allow the JavaScript code to execute on the target user's browser within the security context of the target web site. |
Protection Overview By enabling this protection, IPS-1 will detect and block attempts to embed JavaScript into QuickFinder queries.
To configure the defense, select your product from the list below and follow the related protection steps.