|
|
| |
| The Adobe LiveCycle Workflow management login page contains a vulnerability which is susceptible to a cross site scripting (XSS) attack. |
| |
Credit:
The information has been provided by Dave Lewis.
The original article can be found at: http://www.liquidmatrix.org/blog/2008/03/11/advisory-adobe-livecycle-workflow-xss-vulnerability/
|
| |
Vulnerable Systems:
* Adobe LiveCycle Workflow version 6.2 Management Web Interface
Impact:
A remote attacker could execute a XSS attack that could pass arbitrary html to the user and capture usernames/passwords.
Technical Details:
Input passed to the URL of the web management login page is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user s browser session in context of an affected site.
Fix Information:
This issue has been resolved. The patch may be obtained from: http://www.adobe.com/go/supportportal
CVE Information:
CVE-2008-1202
|
|
|
|
|
