Arbitrary Script Execution via Cross-Site Scripting (XSS) in BadBlue Enterprise and Personal Edition 1.7 and 1.7.2

Arbitrary Script Execution via Cross-Site Scripting (XSS) in BadBlue Enterprise and Personal Edition 1.7 and 1.7.2

CVE-2002-1685 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI.

Learn more about our Api Penetration Testing.