The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an malicious user to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
allaire spectra 1.0 |
||
allaire spectra 1.0.1 |