Description
Internet Security Auditors has reported a weakness and a vulnerability in Telaen, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
1) Input appended to the URL after redir.php is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website, e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
2) Input passed via the "f_email" GET parameter to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The weakness and the vulnerability are reported in version 1.3.0. Prior versions may also be affected.
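The two input-handling checks whose absence the advisory describes, as an added PHP example; it is not Telaen's code or the vendor's fix. The function names, the `ALLOWED_HOSTS` list, the `/index.php` fallback and all sample values are assumptions made for illustration.

```php
<?php
// Added example, not Telaen code. Function names and ALLOWED_HOSTS are hypothetical.
const ALLOWED_HOSTS = ['webmail.example.org']; // constructed sample value

// Return $target if it is a local path or an http(s) URL on an allow-listed
// host; otherwise return $fallback.
function safe_redirect_target(string $target, string $fallback = '/index.php'): string
{
    // Browsers normalise backslashes, whitespace and control bytes in URLs
    // differently from parse_url(), so refuse them outright.
    if ($target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return $fallback;
    }
    // Local path: one leading slash only ("//host/" is protocol-relative).
    if ($target[0] === '/') {
        return (strlen($target) > 1 && $target[1] === '/') ? $fallback : $target;
    }
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback; // relative or malformed: not something to redirect to
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback; // userinfo can disguise the real host
    }
    $schemeOk = in_array(strtolower($parts['scheme']), ['http', 'https'], true);
    $hostOk = in_array(strtolower($parts['host']), ALLOWED_HOSTS, true);
    return ($schemeOk && $hostOk) ? $target : $fallback;
}

// Encode a request value (such as f_email) before echoing it into HTML text
// or a quoted attribute.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$targets = [
    '/inbox',
    '//other.example.net/',
    'https://other.example.net/',
    'https://webmail.example.org@other.example.net/',
    'https://webmail.example.org/inbox',
];
foreach ($targets as $t) {
    printf("%-48s => %s\n", $t, safe_redirect_target($t));
}
echo html_escape('user"<b>@example.org'), "\n";
```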