“It's [the cloud] just as bad as using a proprietary program. Do your own computing on your own computer with your copy of a freedom-respecting program. If you use a proprietary program or somebody else's web server, you're defenceless. You're putty in the hands of whoever developed that software.”
Richard Stallman

Incident ID: 404

Incident Type:

Summary: servlets/ibc PageName Parameter XSS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'PageName' parameter upon submission to the 'servlets/ibc' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. SeeMe submitted the vulnerability to on October 5. validated the vulnerability on November 14. Cloutage is not aware of a resolution to this vulnerability.

Number Affected: Unknown
Organization: Bank of Georgia
Reported Date:2010-10-05
Occurred Date:2010-11-14


Edit | Back