Tags

, , , , , , , , , , , , , , , , , , ,

IT Information Technology Swift News

innovative_1

Innovative WebPAC Pro 2.0 Unvalidated Redirects and Forwards (URL Redirection) Security Vulnerabilities

Exploit Title: Innovative WebPAC Pro 2.0 /showres url parameter URL Redirection Security Vulnerabilities

Vendor: Innovative Interfaces Inc

Product: WebPAC Pro

Vulnerable Versions: 2.0

Tested Version: 2.0

Advisory Publication: March 14, 2015

Latest Update: March 14, 2015

Vulnerability Type: URL Redirection to Untrusted Site (‘Open Redirect’) [CWE-601]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) (legend)

Impact Subscore: 4.9

Exploitability Subscore: 8.6

Discover and Author: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Suggestion Details:

(1) Vendor & Product Description:

Vendor:

Innovative Interfaces Inc

Product & Version:

WebPAC Pro

2.0

Vendor URL & Download:

WebPAC Pro can be got from here,

http://www.iii.com/products/webpac_pro.shtml

http://lj.libraryjournal.com/2005/12/ljarchives/innovative-releasing-webpac-pro/

Libraries that have installed WebPac Pro:

https://wiki.library.oregonstate.edu/confluence/display/WebOPAC/Libraries+that+have+installed+WebPac+Pro

Product Introduction Overview:

“Today, some libraries want to enhance their online presence in ways that go beyond the traditional OPAC and the…

View original post 359 more words

Advertisements