Signature Detail
Short Name |
HTTP:XSS:HDR-REFERRER |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Category |
HTTP |
Keywords |
Referrer Header Cross-Site Scripting |
Release Date |
2004/10/13 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Referrer Header Cross-Site Scripting
This signature detects attempts to exploit a cross-site scripting vulnerability. Attackers can embed malicious HTML tags within the HTTP Referrer header; because some Web servers and server-side applications parse this data incorrectly, attackers can successfully execute a cross-site scripting attack.
Extended Description
Reportedly Invision Power Board is affected by a remote cross-site scripting vulnerability. This issue is due to a failure of the application to validate or sanitize user supplied input prior to including it in dynamic Web content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the vulnerable application, facilitating the theft of cookie-based authentication credentials as well as other attacks.
Affected Products
- Invision Power Services Invision Board 2.0.0
References
- BugTraq: 11332
- CVE: CVE-2015-2294
- CVE: CVE-2015-2294
- CVE: CVE-2004-1578