Test ID:	1.3.6.1.4.1.25623.1.0.100388
Category:	Web application abuses
Title:	Sun Solaris AnswerBook2 <= 1.4.4 Multiple XSS Vulnerabilities - Active Check
Summary:	Sun Solaris AnswerBook2 is prone to multiple cross-site; scripting (XSS) vulnerabilities. These issues arise due to insufficient sanitization of; user-supplied data facilitating execution of arbitrary HTML and script code in a user's; browser.
Description:	Summary: Sun Solaris AnswerBook2 is prone to multiple cross-site scripting (XSS) vulnerabilities. These issues arise due to insufficient sanitization of user-supplied data facilitating execution of arbitrary HTML and script code in a user's browser. Vulnerability Insight: The following specific issues were identified: - It is reported that the Search function of the application is affected by a cross-site scripting vulnerability. - The AnswerBook2 admin interface is prone to cross-site scripting attacks as well. Vulnerability Impact: These issues can lead to theft of cookie based credentials and other attacks. Affected Software/OS: AnswerBook2 version 1.4.4 and prior. Solution: Sun has released an advisory to address these issues. The vendor recommends disabling the application and referring to Sun documentation at the Sun Product Documentation Web site. Please see the referenced advisory for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0548 Bugtraq: 20050328 Multiple XSS issues in Sun AnswerBook2 (Google Search) http://marc.info/?l=bugtraq&m=111205163531628&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000230.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57737-1 Common Vulnerability Exposure (CVE) ID: CVE-2005-0549
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.