|
Description
|
|
Trustwave SpiderLabs has reported multiple vulnerabilities in BSS BS-Client, which can be exploited by malicious users to conduct SQL injection attacks and bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.
1) Certain unspecified input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
This vulnerability is reported in version 3.17.9.
2) An error related to the two factor authentication functionality can be exploited to generate a valid session ID and access e.g. account balances.
This vulnerability is reported in versions 2.5 and 2.4.
3) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This vulnerability is reported in versions 3.17.9, 2.5 and 2.4.
|
