|
Family: CGI abuses --> Category: attack
Cutenews search.php Cross Site Scripting Vulerability Vulnerability Scan
Vulnerability Scan Summary Tries to inject javascript code.
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a
cross-site scripting issue.
Description:
The version of Cutenews installed on the remote host fails to sanitize
input to the 'search.php' script before using it to generate dynamic
HTML to be returned to the user. An unauthenticated attacker can
exploit this issue to execute a cross-site scripting attack.
This version of Cutenews is also likely affected by other associated
issues.
See also :
http://www.kapda.ir/advisory-450.html
Solution :
Unknown at this time.
Threat Level:
Low / CVSS Base Score : 1.9
(AV:R/AC:H/Au:NR/C:N/I:P/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|