Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses : XSS --> Category: infos

CjOverkill trade.php XSS Vulnerability Scan


Vulnerability Scan Summary
Check CjOverkill version

Detailed Explanation for this Vulnerability Test

The remote server runs a version of CjOverkill, a free traffic trading
script which is as old as or older than version 4.0.3.

The remote version of this software is affected by a cross-site scripting
vulnerability in the script 'trade.php'. This issue is due to a failure
of the application to properly sanitize user-supplied input.

As a result of this vulnerability, it is possible for a remote attacker
to create a malicious link containing script code that will be executed
in the browser of an unsuspecting user when followed.

This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.

Solution : Upgrade to version 4.0.4 or newer.
Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.