Release date: 2012-04-23
Updated on: 2012-04-23
Affected Systems:
Sohuu OA (Office Automation) 2011
Description:
--------------------------------------------------------------------------------
Office Automation is a commercial office system built on PHP and MySQL.
The OA office system has multiple cross-site scripting vulnerabilities, including web forms that do not strictly filter the content submitted by users, so an attacker can construct malicious code (such as JavaScript) that is stored on the server. When a user opens the affected page in a browser, the malicious code is executed automatically, resulting in attacks such as phishing, Trojans, and cookie theft.
<* Source: CNCERT *>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Sohuu
-----
The vendor has not yet provided a patch or upgrade. Users of the software should watch the vendor's homepage for the latest version:
http://www.sohuu.com/
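The stored cross-site scripting pattern described above, shown next to output encoding at render time. This is an added example and not Sohuu OA code: the function names, the table-cell template and the sample values are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration: every name here is hypothetical, none is Sohuu OA code.

// The flaw as described: a stored form value is written into the page as-is.
function render_unsafe(string $subject): string
{
    return '<td title="' . $subject . '">' . $subject . '</td>';
}

// Encode on output. ENT_QUOTES covers both quote characters, which matters
// when the value lands inside an attribute; ENT_SUBSTITUTE keeps invalid
// UTF-8 from turning the whole string into ''.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_safe(string $subject): string
{
    return '<td title="' . h($subject) . '">' . h($subject) . '</td>';
}

// Constructed sample values, standing in for rows read back from MySQL.
$samples = [
    'plain text'         => 'Q2 budget review',
    'script element'     => '<script>alert(1)</script>',
    'attribute breakout' => '" onmouseover="alert(1)',
    'single quote'       => "' onfocus='alert(1)",
];

foreach ($samples as $label => $value) {
    $encoded = h($value);
    // After encoding, no character that can open a tag or close an
    // attribute value may remain.
    $clean = preg_match('/[<>"\']/', $encoded) === 0;
    echo "[$label]", PHP_EOL;
    echo '  unsafe: ', render_unsafe($value), PHP_EOL;
    echo '  safe:   ', render_safe($value), PHP_EOL;
    echo '  markup characters neutralised: ', $clean ? 'yes' : 'NO', PHP_EOL;
}
```

Encoding at output time also covers values that were stored before any input filter was in place.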