Omnistar Document Manager Two Cross-Site Scripting Vulnerabilities
Release Date : 2012-10-12
Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Unpatched
Software: Omnistar Document Manager 8.x
Benjamin Kunz Mejri has reported two vulnerabilities in Omnistar Document Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "interface" parameter of index.php, and to the "alert_msg" parameter of index.php (when "interface" is set), is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The vulnerabilities are reported in version 8.0. Other versions may also be affected.
No official solution is currently available.
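With no fix available, one defensive measure is to review web server access logs for index.php requests whose "interface" or "alert_msg" values carry HTML markup characters. The script below is an added example, not part of the original advisory or of the vendor's code; the /dm/ install path, the combined log format and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters that let a reflected value break out of HTML text or attributes.
MARKUP = re.compile(r"[<>\"'`]")
# Request part of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
WATCHED = ("interface", "alert_msg")


def suspicious_params(target):
    """Return the watched parameters of an index.php request that carry markup."""
    url = urlsplit(target)
    if not url.path.endswith("/index.php"):
        return []
    # parse_qs percent-decodes once; keep_blank_values keeps "interface=" visible.
    params = parse_qs(url.query, keep_blank_values=True)
    if "interface" not in params:
        # The advisory ties alert_msg to requests where interface is set.
        return []
    return [name for name in WATCHED
            if any(MARKUP.search(v) for v in params.get(name, []))]


def scan(lines):
    """Yield (line_number, [parameter names]) for each log line worth reviewing."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Oct/2012:10:00:01 +0000] "GET /dm/index.php?interface=admin HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Oct/2012:10:00:07 +0000] "GET /dm/index.php?interface=%22%3E%3Cb%3Ex HTTP/1.1" 200 5133',
    '203.0.113.9 - - [12/Oct/2012:10:00:09 +0000] "GET /dm/index.php?interface=admin&alert_msg=%3Ci%3Esaved%3C%2Fi%3E HTTP/1.1" 200 5140',
    '203.0.113.7 - - [12/Oct/2012:10:00:12 +0000] "GET /dm/index.php?alert_msg=%3Cb%3Ehi HTTP/1.1" 200 5100',
    '203.0.113.7 - - [12/Oct/2012:10:00:15 +0000] "GET /dm/help.php?interface=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: markup in {', '.join(hits)}")
```

Access logs normally record only the query string, so values sent in a POST body are not covered by this check.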
Provided and/or discovered by:
Benjamin Kunz Mejri, Vulnerability Lab