• IDP Daily Update #1254
  posted: 09/05/08
  
• NSM Daily Update #1254
  posted: 09/05/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1254
  posted: 09/05/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1252
  posted: 09/05/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 09/05/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Recherche Cross-Site Scripting Vulnerability

Severity: HIGH

Description:

Recherche is a search application which is designed to be implemented in web sites. Recherche is maintained by PHP Gratuit.

Recherche does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'add.php3' script. The attacker-supplied script code will be executed in the browser of a web user who visits this malicious link, in the security context of the host running Recherche. Such a malicious link might be included in a HTML e-mail or on a malicious webpage.

This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users of a website running Recherche.

Affected Products:

• PHP Gratuit Recherche 1.3.0

References:

• PHP Gratuit: Recherche Homepage
• frog frog <leseulfrog@hotmail.com>: Security holes in 11 products...