Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18322
HistoryOct 31, 2007 - 12:00 a.m.

Airkiosk/formlib application is XSS vuln

2007-10-3100:00:00
vulners.com
25
JSON

In the last week I've found a XSS vuln into the Sutra's Airkiosk
application for the realtime distribution of flights/booking and
check-in interface (www.airkiosk.com).

The XSS is possible because they are using a VULN/OLD formlib.pl in
their application that permits to execute any JavaScript you like:

        &HtmlError("formlib.parse", "bjelli", "Error parsing $_, aborting.\n");

if you get the error 'f you need help, call bjelli.'.

I suppose it can be related to this flying companies (I've only tryed it
on Blu-express, and Jet2.com):

Aero, Jet2.com, Air southwest, manx2, airsea, republicaairways,
blu-express, highland airways, blueisland, tobagoexpress, evolavia,
zambian, menajet.com, snowflake, airwales and other that is can be easy
found by searching on google.

The maintainer (and the flying company blu-express) has been contacted
twice via mail in the last two weeks but choose not to respond at all.

Regards
Skien

JSON