CVE-2013-1410

Vulnerability

Perforce P4web versions 2011.1 and 2012.1 are affected by multiple cross-site scripting (XSS) vulnerabilities. These issues arise because the application fails to properly sanitize user-supplied input, allowing for the injection of malicious scripts [1].

Exploitation

An attacker can exploit these vulnerabilities by crafting a malicious URL that includes script code, such as ``. When a user clicks on this URL, the script is executed within the user's browser in the context of the P4web application [1].

Impact

Successful exploitation of these XSS vulnerabilities allows an attacker to execute arbitrary script code in the victim's browser. This can lead to the theft of sensitive information, such as cookie-based authentication credentials, and enable other malicious attacks against the user or the application [1].

Mitigation

No specific patched version or release date is mentioned in the available references. Users are advised to consult Perforce for any available updates or security advisories. It is not indicated if these versions are end-of-life or listed on the KEV catalog [1].