Security Advisory – SOS-09-001 – Libero Cross-Site Scripting Vulnerability
Release Date: 23-Feb-2009
Last Update: –
Vendor Notification Date: 20-Oct-2008
Platform: Windows (verified), possibly others
Affected versions: Libero v5.3 SP5 (verified), possibly others
Severity Rating: Medium
Impact: Cookie/credential theft, impersonation, loss of
Attack Vector: Remote
Solution Status: Vendor patch not yet available
CVE reference: CVE-2009-0540
Please refer to the PDF version of this advisory for proof of concept code examples.
The vendor has advised that the fix will be made available in Libero v5.5 SP1.
A fix will not be made available for previous versions.
Oliver Greiter from Sense of Security Labs.