Family: CGI abuses : XSS --> Category: infos
DCP-Portal XSS Vulnerability Scan
Vulnerability Scan Summary: Check for DCP-Portal XSS flaws
Detailed Explanation for this Vulnerability Test
You are running a version of DCP-Portal that is older than or equal to v5.3.2.
This version is vulnerable to:
- Cross-site scripting flaws in the calendar.php script, which may let an
attacker execute arbitrary code in the browser of a legitimate user.
In addition to this, your version may also be vulnerable to:
- HTML injection flaws, which may let an attacker inject hostile
HTML and script code that could permit theft of cookie-based credentials
and other attacks.
- An HTTP response splitting flaw, which may let an attacker influence
or misrepresent how web content is served, cached or interpreted.
See also : http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0131.html
Solution : Upgrade to a newer version when available
Threat Level: Medium