Intrusion Prevention

Revize.CMS.HTTPTranslatorServlet.XSS

Description

Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp.

Affected Products

Revize CMS 4.x

Impact

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Recommended Actions

Edit the source code to ensure that user-supplied input is properly sanitised before it is reflected into a response, and ensure that files exposing sensitive information to users are not placed where they are accessible from inside the web root.
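The following is an added illustration of the recommended fix, not code from Revize CMS or Idetix: the three named parameters are HTML-escaped at the point where they are written into the page, and the redirect value is additionally restricted to a same-site relative path. The parameter names come from the advisory; the rendering layout, the `render`/`escapeHtml`/`safeRedirect` helpers and the assumption that only relative redirects are needed are assumptions for the example, and the request is modelled as a plain Map so the code runs without the servlet API.

```java
// Added example (not Revize's code): output encoding for request
// parameters reflected into an HTML response, as a servlet would do.
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class ReflectedParamHardening {

    // Escape the five characters that can break out of HTML text or a
    // quoted attribute value. Encoding at output time is the reliable
    // XSS fix; "sanitising" on input alone is fragile because one value
    // may later be reflected into several different contexts.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // A redirect target should never be echoed raw. Assumption for this
    // example: the application only needs same-site relative redirects,
    // so anything else (scheme-relative "//host", "javascript:", "..")
    // is replaced by a safe default.
    private static final Pattern SAFE_RELATIVE_PATH =
        Pattern.compile("^/(?!/)(?!.*\\.\\.)[A-Za-z0-9_./-]*$");

    static String safeRedirect(String candidate, String fallback) {
        if (candidate != null && SAFE_RELATIVE_PATH.matcher(candidate).matches()) {
            return candidate;
        }
        return fallback;
    }

    // Builds the page body the way a servlet's doGet might; the layout
    // is invented for the example, the parameter names are the advisory's.
    static String render(Map<String, String> params) {
        String resourceType = escapeHtml(params.get("resourcetype"));
        String objectMap    = escapeHtml(params.get("objectmap"));
        String redirect     = escapeHtml(safeRedirect(params.get("redirect"), "/"));
        return "<p>Resource type: " + resourceType + "</p>\n"
             + "<p>Object map: " + objectMap + "</p>\n"
             + "<a href=\"" + redirect + "\">Continue</a>\n";
    }

    public static void main(String[] args) {
        // Constructed sample request: each parameter carries markup that
        // would be interpreted by the browser if reflected unescaped.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("resourcetype", "page<script>alert(1)</script>");
        params.put("objectmap", "\" onmouseover=\"alert(1)");
        params.put("redirect", "javascript:alert(1)");
        // The script tag is rendered as literal text, the attribute
        // breakout is neutralised, and the redirect falls back to "/".
        System.out.print(render(params));
    }
}
```

Compile and run with `javac ReflectedParamHardening.java && java ReflectedParamHardening`; the output shows `&lt;script&gt;` in place of the tag, `&quot;` in place of the attribute-closing quote, and `href="/"` instead of the rejected redirect. In a real servlet the same helpers would be applied to every `request.getParameter(...)` value at the point it is written to the response, with the encoding chosen for the context (HTML body, attribute, URL) rather than a single input-side filter.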

CVE References

CVE-2005-3730