BeyondTrust

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

CH Radyo 2 Cross-Site Scripting Vulnerability

Disclosed May 4, 2014. Zeroday: 80 days.

Vulnerability Description:

CH Radyo contains two cross-site scripting (XSS) vulnerabilities in the “soru” parameter, which is passed to index.html and mplayer/index.html. The “soru” parameter is not properly sanitized before being returned to the user, so a remote attacker may leverage this to execute arbitrary scripts within the user’s browser.

Vendors:

CH Radyo

Vulnerable Software/Devices:

CH Radyo v2 and possibly other versions

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

Cross-Site Scripting
Input sent via URL to index.html and mplayer/index.html is not properly sanitized, allowing attacker-controlled HTML or script returned to the user to execute within the context of the browser.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 34029 - CH Radyo v2 and Prior Cross Site Scripting (Zero-Day)
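
Requests that target the two affected entry points can also be spotted in web server access logs. The following is an added example, not BeyondTrust or CH Radyo code; it assumes combined-format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Entry points and parameter named in the advisory; the install prefix is unknown, so match on suffix.
AFFECTED_PATHS = ("/index.html", "/mplayer/index.html")
PARAM = "soru"
# Markup characters and script-bearing tokens; quotes can cause false positives, so treat hits as triage leads.
SUSPICIOUS = re.compile(r"[<>\"']|javascript:|\bon\w+\s*=", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2014:10:00:01 +0000] "GET /index.html?soru=rock HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2014:10:00:05 +0000] "GET /mplayer/index.html?soru=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [01/Jan/2014:10:00:09 +0000] "GET /index.html?soru=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 640',
    '198.51.100.4 - - [01/Jan/2014:10:00:12 +0000] "GET /about.html?soru=%3Cb%3E HTTP/1.1" 200 300',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_soru(line):
    """Return the decoded soru value if the request looks like an XSS probe, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(AFFECTED_PATHS):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == PARAM:
            decoded = fully_decode(value)  # parse_qsl already decoded one layer
            if SUSPICIOUS.search(decoded):
                return decoded
    return None

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = suspicious_soru(line)
        if hit:
            print(f"suspicious soru value {hit!r} in: {line}")
```
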

Mitigation:

There are no mitigations currently available.

Links:

CVE(s):

None