|
Family: CGI abuses : XSS --> Category: attack
JAWS HTML injection vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for HTML injection vulnerabilities in JAWS
Detailed Explanation for this Vulnerability Test
The remote host is running JAWS, a content management system written in PHP.
The remote version of this software does not perform a proper
validation of user-supplied input to several variables used in the
'GlossaryModel.php' script, and is therefore vulnerable to cross-site
scripting attacks.
See also : http://seclists.org/lists/fulldisclosure/2005/Apr/0416.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034354.html
Solution : Upgrade to JAWS 0.5.2 or later.
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|