CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
MS-Analysis 2.x
DESCRIPTION:
Janek Vind has reported some vulnerabilities in MS-Analysis, allowing
malicious people to conduct Cross Site Scripting and SQL injection
attacks.
1) Several scripts return error messages containing the full
installation path if called directly. This may provide an attacker
with useful information for other attacks.
2) Input passed to various parameters in several scripts isn't
properly verified before it is returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of a vulnerable site.
More: http://secunia.com/advisories/11203/
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
General discussion
MS-Analysis Multiple Vulnerabilities
Discussion is locked
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic