January 16, 2006 — (WEB HOST INDUSTRY REVIEW) — A vulnerability has been found in the Helm Web hosting control panel (helm.webhostautomation.com), according to a report by security organization Secunia (secunia.org). Helm is the flagship hosting automation solution of UK-based software developer WebHost Automation.
According to Secunia, input passed to the “txtEmailAddress” parameter in forgotPassword.asp isn’t properly sanitized before being returned to the user.
This flaw, which Secunia rates "less critical," could be exploited to carry out cross-site scripting attacks. Secunia says the solution is to edit the source code to ensure the input is properly sanitized.
The vulnerability has been reported in version 3.2.8 of Helm, and other versions may also be affected.
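The kind of source-code fix Secunia describes, sketched in classic ASP (VBScript) as an added example; this is not Helm's code, which the report does not show. It assumes the field arrives by POST and is echoed back into the form. The helper name, messages and page layout are hypothetical.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Hypothetical stand-in for the reflecting page; not Helm's actual source.
Const MAX_EMAIL_LEN = 254

' Allow-list check: bounded length, one "@", no whitespace or markup characters.
Function IsPlausibleEmail(ByVal value)
    Dim re
    IsPlausibleEmail = False
    If Len(value) = 0 Or Len(value) > MAX_EMAIL_LEN Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}$"
    IsPlausibleEmail = re.Test(value)
End Function

Dim rawEmail, safeEmail, message
message = ""
' Appending "" turns a missing field into an empty string (assumes POST).
rawEmail = Trim(Request.Form("txtEmailAddress") & "")

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    If IsPlausibleEmail(rawEmail) Then
        message = "If an account exists for that address, a reset e-mail has been sent."
    Else
        message = "Please enter a valid e-mail address."
        rawEmail = ""   ' do not echo rejected input back to the browser
    End If
End If

' Pattern the advisory describes (input returned to the user unencoded):
'   Response.Write "<input name=""txtEmailAddress"" value=""" & rawEmail & """>"
' Hardened: encode at the point of output, even when validation has passed.
' Server.HTMLEncode escapes < > & and the double quote, so the value cannot
' break out of the double-quoted attribute below.
safeEmail = Server.HTMLEncode(rawEmail)
%>
<form method="post" action="forgotPassword.asp">
  <p><%= Server.HTMLEncode(message) %></p>
  <input type="text" name="txtEmailAddress" value="<%= safeEmail %>">
  <input type="submit" value="Send">
</form>
```

Validation and output encoding are applied together here: the allow-list rejects malformed input early, and the encoding step is what actually prevents the reflected value from being interpreted as markup.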











