A vulnerability in the example_form.php
script of Securimage version 3.5 could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks.
The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by persuading a user to visit a malicious URL that uses the crafted REQUEST_URI
variable. When the user visits the URL, it could execute arbitrary script code in the user's browser session in the context of the affected site. This could allow the attacker to obtain browser-based sensitive information, such as cookie-based authentication credentials or recently submitted data.
Proof-of-concept code that exploits this vulnerability is publicly available.
Users should verify that unsolicited links are safe to follow.
For additional information about cross-site scripting attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin Understanding Cross-Site Scripting (XSS) Threat Vectors
Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit this vulnerability.
Securimage has confirmed this vulnerability in the git repository at the following link: Securimage
. Securimage has released updated software at the following link: Securimage version 3.5.1