
XSS vulnerabilities in Fastpath

Hi All,

I was wondering if someone has seen this:

http://bl0g.yehg.net/2012/04/fastpath-webchat-multiple-cross-site.html

If someone could jump on it - we will all be grateful.

Regards,

Kalin

Considering the trust relationship between a webchat client and the associated Openfire server, I am curious to understand how the script injection is introduced by a third party.

Any further detail will be appreciated, especially on exactly how the script injection is done.

Anyone could modify the source code and implement the changes suggested at http://en.wikipedia.org/wiki/Cross-site_scripting, but it still does not stop a hacker from changing the code and putting a malicious version on an untrusted web site.

Anyone using webchat should be checking the data stored on their database and removing spam and unwanted content including embedded malicious scripts. I am not convinced there is any reason for panic.