VWE-2010-0077 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2010-0077
This page is a chapter in Info Known Vulnerabilities

This page has been seen 169,976 times.

- Created by
  dianiz
  on April 18, 2015
  
  Last updated by
  pegasus
  on April 8, 2018

Common Name Replacement Corruption Vulnerability
VWE-ID VWE-2010-0077
Related Report None
Severity HIGH
Exploit Difficulty Difficult
Platform Affects all platforms supported by the vulnerable versions.
Description HTML/Javascript injection. Does not affect Lite versions.

Discovered November 20, 2010
Resolved November 22, 2010
Patches Available 3.0.6
2.5.7 Patch Level 4
Workaround Remove all URL replacements that paste the following characters " ' < > % /
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	Replacement Corruption Vulnerability
VWE-ID	VWE-2010-0077
Related Report	None
Severity	HIGH
Exploit Difficulty	Difficult
Platform	Affects all platforms supported by the vulnerable versions.
Description	HTML/Javascript injection. Does not affect Lite versions.
Discovered	November 20, 2010
Resolved	November 22, 2010
Patches Available	3.0.6 2.5.7 Patch Level 4
Workaround	Remove all URL replacements that paste the following characters " ' < > % /