OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS
Posted by deepcore on April 15, 2016 – 11:27 am
OpenWGA Content Manager version 7.1.9 suffers from a cross site scripting vulnerability when input passed via the User-Agent HTTP header is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
Post a reply
You must be logged in to post a comment.