It is reported that Web Page Generator contains a cross-site scripting vulnerability and an information disclosure vulnerability. The error transaction facility does not sufficiently sanitize user-supplied data, making it prone to cross-site scripting attacks. This could allow hostile HTML and script code to execute in the web client of a user who visits a web page that contains the malicious code. This would occur in the security context of the site hosting the software. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible. The error transaction facility can also disclose information about an internal directory, which may assist an attacker with further compromise of the server. These vulnerabilities are present only when the application is in debugging mode ('DEBUG_MODE=on') and the default error template is used.
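The following added example (not code from Web Page Generator or from the original advisory) sketches the two reported flaws in a hypothetical debug-mode error page, the hardened equivalent, and a check for the 'DEBUG_MODE=on' precondition. The function names, the page markup, the sample directory and the KEY=VALUE configuration format are assumptions made for illustration.

```python
import html

# Constructed sample values; not taken from the advisory or from the product.
INTERNAL_DIR = "/opt/app/templates"          # hypothetical internal directory
SAMPLE_INPUT = "<script>alert(1)</script>"   # constructed markup-bearing request value

PAGE = "<html><body><h1>Transaction error</h1>{body}</body></html>"


def render_error_debug(transaction: str, internal_dir: str) -> str:
    """Hypothetical debug-mode error page with both flaws the advisory reports:
    the request value is echoed raw and an internal directory is named."""
    body = f"<p>Unknown transaction: {transaction}</p><p>Searched in: {internal_dir}</p>"
    return PAGE.format(body=body)


def render_error_hardened(transaction: str) -> str:
    """Same page with the request value HTML-escaped and no server path;
    the path detail belongs in a server-side log instead."""
    safe = html.escape(transaction, quote=True)
    return PAGE.format(body=f"<p>Unknown transaction: {safe}</p>")


def parse_settings(config_text: str) -> dict:
    """Parse KEY=VALUE lines (assumed format), skipping blanks and '#' comments."""
    settings = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().upper()] = value.strip().strip("'\"").lower()
    return settings


def debug_mode_enabled(config_text: str) -> bool:
    """True when the configuration leaves DEBUG_MODE=on, the advisory's precondition."""
    return parse_settings(config_text).get("DEBUG_MODE") == "on"


if __name__ == "__main__":
    print(render_error_debug(SAMPLE_INPUT, INTERNAL_DIR))
    print(render_error_hardened(SAMPLE_INPUT))
    print(debug_mode_enabled("# constructed config\nDEBUG_MODE=on\n"))
```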