Test ID:	1.3.6.1.4.1.25623.1.0.802159
Category:	Web application abuses
Title:	IBM Open Admin Tool 'index.php' Multiple Cross-Site Scripting Vulnerability
Summary:	IBM Open Admin Tool is prone to multiple cross-site scripting vulnerabilities.
Description:	Summary: IBM Open Admin Tool is prone to multiple cross-site scripting vulnerabilities. Vulnerability Insight: The flaws are due to the improper validation of user supplied input via 'host', 'port', 'username', 'userpass' and 'informixserver' parameters in 'index.php'. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and steal the victim's cookie-based authentication credentials. Affected Software/OS: IBM OpenAdmin Tool (OAT) version before 2.72 Solution: Upgrade to IBM OpenAdmin Tool (OAT) version 2.72 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3390 BugTraq ID: 49364 http://www.securityfocus.com/bid/49364 Bugtraq: 20110830 XSS in IBM Open Admin Tool (Google Search) http://www.securityfocus.com/archive/1/519468/100/0/threaded http://voidroot.blogspot.com/2011/08/xss-in-ibm-open-admin-tool.html http://securityreason.com/securityalert/8370 XForce ISS Database: openadmintool-index-xss(69488) https://exchange.xforce.ibmcloud.com/vulnerabilities/69488
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.