NOAH Security Issue - Cross-Site Scripting Vulnerability

NOAH Security Vulnerability : Cross-Site Scripting

Fixed: August 2008 in release v3.2.2

Cross-Site Scripting Vulnerability:

NOAH releases prior to v3.2.2 contain a flaw that could allow a remote cross-site scripting attack.

This flaw existed because of inadequate input data validation which has subsequently been corrected on releases v3.2.2 and later.

This flaw could allow a user to create a specially crafted URL that could execute arbitrary code in a user's browser, within the trust relationship between browser and server, leading to a loss of integrity.

Action Required:

Users are strongly advised to update NOAH to release v3.2.2 or above.

Copyright © 2004-2008 Nordicwind Inc. All rights reserved. | Legal Statement | Privacy box