Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: General :: web5028.htm

Plumtree Corporate Portal cross site scripting vulnerability



25th Jan 2002 [SBWID-5028]
COMMAND

	Plumtree Corporate Portal cross site scripting vulnerability

SYSTEMS AFFECTED

	Corporate Portal versions 4.5, 4.0, 4.0SP1, 4.0i, 4.0iSP1, and 3.5

PROBLEM

	Ed Moyle posted :
	

	Plumtree Corporate Portal  supplies  an  error  information  page  named
	error.asp, which by default is accessed through :
	

	http://<PORTALSITE>/<PORTALNAME>/common/error.asp.  

	

	The second parameter supplied to error.asp is a textual  description  of
	the error message that will be shown in the resulting  error  web  page.
	This textual parameter may  be  modified  to  include  rogue  script  on
	affected installations.

SOLUTION

	Get Corporate Portal 4.5 Service Pack 1 and 4.0 SP1 Hotfix 6.
	

	http://www.plumtree.com/company/technical_support.htm

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH