Summary
This host is running IBM OpenAdmin Tool (OAT) and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and steal the victim's cookie-based authentication credentials.
Impact Level: Application.
Solution
Upgrade to IBM OpenAdmin Tool (OAT) version 2.72 or later. For updates, refer to https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=swg-informixfpd&lang=en_US&S_PKG=dl&cp=UTF-8
Insight
The flaws are due to improper validation of user-supplied input via the 'host', 'port', 'username', 'userpass' and 'informixserver' parameters in 'index.php'.
Affected
IBM OpenAdmin Tool (OAT) versions before 2.72
Severity
Classification
CVE: CVE-2011-3390
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N