[Full-Disclosure] STG Security Advisory: JEUS Web Application Server Cross Site Scripting Vulnerability
From: SSR Team (advisory_at_stgsecurity.com)
To: "Full Disclosure" <email@example.com> Date: Tue, 17 Jun 2003 10:19:55 +0900
-----BEGIN PGP SIGNED MESSAGE-----
STG Security Advisory: JEUS Web Application Server Cross Site Scripting
Date Published: 2003-06-17 (KST)
Last Update: 2003-06-17
JEUS (Java Enterprise User Solution) is a J2EE compatible web application
server, developed by Tmax Soft, providing a clustering system especially
designed for large enterprise business applications.
Implementation Error: Inappropriate Input Validation
This vulnerability was found at JEUS 3.1.4p1. The vendor confirmed all
versions below 3.2.2 have this vulnerability.
JEUS Web Application Server has a cross site scripting vulnerability
Proof of Concept