Back to search
CVE-2006-3328
Published: Jun 30, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://pridels0.blogspot.com/2006/06/hostflow-vuln.html
x_refsource_MISC
26872
vdb-entry
x_refsource_OSVDB
ADV-2006-2570
vdb-entry
x_refsource_VUPEN
18695
vdb-entry
x_refsource_BID
hostflow-ticketdescription-xss(27426)
vdb-entry
x_refsource_XF
20863
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now