MOABI : Continuous Software Improvement

CVE-2009-4859
Description	Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp.
Impact	CVSS v2 : 4.3 MEDIUM
Type	CWE-79
Attack Vector	CVSSv2 Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N
Quick links	CVE, NVD, CERT, Metasploit, Exploit-db, Fulldisc, Bugtraq, Microsoft, Red Hat, Debian, GitHub code/issues, Google
References	http://packetstormsecurity.org/0908-exploits/owosasp-xss.txt http://secunia.com/advisories/36244