XSS in OneOrZero AIMS
|Vendor:||www.oneorzero.com ( http://www.oneorzero.com/ )|
|Vulnerable Versions:||2.8.0 Trial build231211 and probably prior|
|Tested Version:||2.8.0 Trial build231211|
|Advisory Publication:||December 28, 2011 [without technical details]|
|Vendor Notification:||December 28, 2011|
|Public Disclosure:||January 18, 2012|
|Vulnerability Type:||Cross-Site Scripting [CWE-79]|
|CVSSv2 Base Score:||4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
High-Tech Bridge SA Security Research Lab has discovered vulnerability in OneOrZero AIMS, which can be exploited to perform cross-site scripting attacks.
|Currently we are not aware of any vendor-supplied patches or other solutions. The vendor was contacted in accordance to our Vendor Notification Policy but we didn't get any answer or feedback.|
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.