Intrexx 'request' Parameter Cross-Site Scripting Vulnerability (CVE-2014-2026)
Release date:
Updated on:
Affected Systems:
Intrexx Professional 6.0
Intrexx Professional 5.2
Description:
Bugtraq id: 71673
CVE (CAN) ID: CVE-2014-2026
Intrexx is an integrated cross-platform development environment that allows you to create and operate Web-based applications, enterprise portals, and internal systems.
Intrexx Professional 6.0 and 5.2 have the reflected cross-site scripting vulnerability. Attackers can exploit this vulnerability to execute arbitrary script code in the user browsers of the affected sites.
<* Source: Christian Schneider
*>
Suggestion:
Vendor patch:
Intrexx
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.unitedplanet.com/en/intrexx-6-professional
This article permanently updates the link address: