Security Note: Security Issues in Enterprise Service Builder
[admin pages] [cross site scripting] [DocuBaseServlet] [http cookie] [XI]
Symptom
1)Several cross site scripting (XSS) vulnerabilities have been discovered in administrative Web interfaces of XI.
2)Some servlets allow bypassing http-only cookie security.
3)Some Exchange Profile parameters are saved as plain text in NWA.
4)Reading and overwriting files using various administrative XI tools Possible.
5)The password is contained in clear text in the HTML source code.
Other terms
cross site scripting, XI, [...]