“The vast majority of affected volumes have now been recovered”

Incident ID: 404

Incident Type:

Summary: servlets/ibc PageName Parameter XSS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'PageName' parameter upon submission to the 'servlets/ibc' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. SeeMe submitted the vulnerability to on October 5. validated the vulnerability on November 14. Cloutage is not aware of a resolution to this vulnerability.

Number Affected: Unknown
Organization: Bank of Georgia
Reported Date:2010-10-05
Occurred Date:2010-11-14


Edit | Back