Results 1 to 1 of 1
-
11-27-2013, 08:37 AM #1Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
ClientExec - Multiple XSS Security Vulnerabilities (R911-0096)
Type: XSS
Location: Remote
Impact: High
Product: ClientExec
Website: http://www.clientexec.com
Vulnerable Version: 4.6.7
Fixed Version: 4.6.8
CVE: -
R911: 0096
Date: 2013-11-27
By: Rack911
ClientExec is a comprehensive and flexible web hosting billing solution that will help you manage and expand your existing base of hosting clients. ClientExec was conceived and built with small to mid-sized hosting companies in mind. ClientExec was built to enable business owners to effectively manage their hosting clients and web hosting billing using one convenient and powerful platform.
Vulnerability Description:
There are a couple of XSS security vulnerabilities present within the admin panel of ClientExec.
Impact:
We have deemed this vulnerability to be rated as HIGH due to the fact that the XSS code is being executed by an admin which could lead to other security issues.
Vulnerable Version:
This vulnerability was tested against ClientExec v4.6.7.
Fixed Version:
This vulnerability was patched in ClientExec v4.6.8.
Vendor Contact Timeline:
2013-11-15: Vendor contacted via email.
2013-11-15: Vendor confirms vulnerability.
2013-11-20: Vendor issues update.
2013-11-27: Rack911 issues security advisory.RACK911 Labs | Penetration Testing | https://www.RACK911Labs.ca
www.HostingSecList.com - Security Notices for the Hosting Community.
Similar Threads
-
[FEATURED] ClientExec - Multiple Input Validation Failures (R911-0095)
By Patrick in forum VulnerabilitiesReplies: 0Last Post: 11-27-2013, 08:37 AM -
WHMXtra (Reseller UI) - Local Race Condition Vulnerabilities (R911-0067)
By Patrick in forum Hosting Security and TechnologyReplies: 0Last Post: 09-11-2013, 04:03 PM -
ArcticDesk - Multiple XSS Flaws (R911-0048)
By Steven in forum Hosting Security and TechnologyReplies: 0Last Post: 07-24-2013, 02:08 PM -
28 XSS vulnerabilities???
By jalapeno55 in forum Hosting Security and TechnologyReplies: 1Last Post: 06-24-2008, 09:41 PM -
MyImageBuddy.com - For Sale *Secured Multiple Security Vulnerabilities Since Purchase
By Digital-Impulse in forum Other Offers & RequestsReplies: 4Last Post: 09-10-2005, 05:00 PM