N.T. index.php username Variable XSS
Posted on 05 April 2006
N.T. contains a flaw that allows a remote cross site scripting attack.
This flaw exists because the application does not validate the 'username'
variable upon submission to the index.php script. This could allow a
user to create a specially crafted URL that would execute arbitrary code
in an administrator's browser when the "Login Log" page is viewed, leading
to a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
- Chucky A. Ivey N.T. 1.1.0 Affected
- Remote vulnerability
- Input manipulation attack
- Impact on integrity
- Exploit available
- Secunia Advisory ID: 19526
- Other Advisory URL: go there
- Vendor URL: go there
- Related OSVDB ID: 24398
- Mail List Post: go there
- CVE ID: 2006-1657
- FrSIRT Advisory: ADV-2006-1243
The HNS Vulnerabilities section is powered by OSVDB
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.