Intrusion Prevention

Expinion.Net.MMS.Error.asp.XSS

Description

This indicates a possible exploit of a cross-site scripting vulnerability in Expinion.net Member Management System.
Member Management System (MMS) is a program that allows administrators to manage user membership; it supports MS Access and MS SQL databases on Microsoft Windows platforms. A cross-site scripting vulnerability has been reported in it that may allow an attacker to execute scripts in the victim's browser in the security context of the hosting site. The application modules error.asp and register.asp fail to properly sanitize data passed to them, which enables an attacker to include malicious scripts in web links. An attacker may persuade a victim to click such a link, causing the embedded script to run in the victim's browser in the security context of the hosting site. An attacker could use this vulnerability to steal a victim's cookie-based authentication credentials.
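
The following log check is an added example, not part of the original advisory or the vendor's code. It flags requests to the two modules named above whose query values decode to script markup, including double-encoded values. The log lines, the `/mms/` path and the parameter name `p` are constructed; the advisory does not name the affected parameters.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Modules named in the advisory; compared in lowercase because IIS paths are case-insensitive.
TARGET_PAGES = ("error.asp", "register.asp")

# Markup that should not appear in a query value: a tag opening,
# an inline event handler, or a javascript: URI.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.I)
LOG_LINE = re.compile(r'(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C) a bounded number of times."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(request_target):
    """Return names of query parameters carrying markup, for the two modules only."""
    parts = urlsplit(request_target)
    if parts.path.rsplit("/", 1)[-1].lower() not in TARGET_PAGES:
        return []
    return [name for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if SUSPICIOUS.search(fully_decode(value))]

def scan(log_lines):
    """Return (client_ip, request_target, params) for each flagged access-log line."""
    results = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        params = suspicious_params(m.group(2)) if m else []
        if params:
            results.append((m.group(1), m.group(2), params))
    return results

# Constructed sample lines; the path prefix and parameter name "p" are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /mms/error.asp?p=Invalid+login HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /mms/error.asp?p=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /mms/REGISTER.ASP?p=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 601',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /mms/default.asp?p=%3Cb%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
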

Affected Products

Expinion.net Member Management System 2.1 and earlier versions.

Impact

Gain access.

Recommended Actions

Upgrade to Expinion.net Member Management System 2.2 or a later version.

CVE References

CVE-2004-1844