################################################
Panda ActiveScan XSS vulnerability
Vendor URL: http://www.pandasoftware.es or .com
Advisory: http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html
Vendor notify: yes
Exploit available: yes
################################################

Panda ActiveScan contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'email' variable upon submission to the ascan_6.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

##########
versions:
##########

Panda ActiveScan 5.53.00

##########
Solution:
##########

No solution at this time !!!

#########
timeline:
#########

discovered: 01-08-2006
vendor notify: 05-08-2006
vendor response: -------
vendor fix: --------
disclosure: 9-08-2005

################
test
################

http://www.pandasoftware.com/activescan/activescan/ascan_6.asp?IdLang=2&Idvendor=17490&Idpais=63&email=Lostmon@gmail.com%22%3E%3Cscript%3Ealert%28%27XSS%20Vulnerability%27%29%3C/script%3E%26&pais=62&provincia=9&tipousuario=0&enviar=1&ode=0#

######################## €nd #####################

Thanks to Estrella for being my light.

--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
Curiosity is what makes the mind move....
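
An added example, not part of the original advisory and not the vendor's code: a Python sketch of the flaw class described above, showing an unescaped reflection of the 'email' parameter beside an output-encoded one and a validated one. The `<input>` template, the function names and the allow-list pattern are assumptions; the sample query is constructed from the 'email' value in the advisory's test URL.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed sample: the 'email' value from the advisory's test URL.
SAMPLE_QUERY = ("IdLang=2&email=Lostmon@gmail.com%22%3E%3Cscript%3Ealert"
                "%28%27XSS%20Vulnerability%27%29%3C/script%3E%26&pais=62")

# Assumption: a conservative ASCII-only allow-list is acceptable for this form.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}")

# Assumption: the page echoes the value into an attribute like this one.
TEMPLATE = '<input type="text" name="email" value="{}">'


def get_email(query: str) -> str:
    """Return the URL-decoded 'email' parameter, or '' if it is absent."""
    return parse_qs(query, keep_blank_values=True).get("email", [""])[0]


def render_vulnerable(query: str) -> str:
    """Echo the value untouched: the behaviour the advisory reports."""
    return TEMPLATE.format(get_email(query))


def render_encoded(query: str) -> str:
    """Output encoding only: markup characters become inert entities."""
    return TEMPLATE.format(html.escape(get_email(query), quote=True))


def render_hardened(query: str) -> str:
    """Validate against the allow-list first, then encode on output anyway."""
    email = get_email(query)
    if not EMAIL_RE.fullmatch(email):
        email = ""  # reject instead of trying to repair hostile input
    return TEMPLATE.format(html.escape(email, quote=True))


if __name__ == "__main__":
    for render in (render_vulnerable, render_encoded, render_hardened):
        print(f"{render.__name__:18} {render(SAMPLE_QUERY)}")
```

Validation and encoding are kept as separate steps on purpose: the allow-list rejects malformed input at the boundary, while the encoding protects the output even if a later change loosens the pattern.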