Family: CGI abuses --> Category: attack
SiteEnable XSS and SQL Injection Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for XSS and SQL injection vulnerabilities in SiteEnable
Detailed Explanation for this Vulnerability Test
The remote web server contains an ASP application that is affected by
The remote host is running a version of the SiteEnable CMS package
that is prone to several vulnerabilities :
- SQL Injection Vulnerability
Due to a failure to properly sanitize user input to the 'sortby'
parameter of the 'content.asp' script, an attacker can
execute SQL queries against the underlying database.
- Multiple Cross-Site Scripting Vulnerabilities
An attacker can pass arbitrary HTML and script code through
the 'contenttype' parameter (and likely others) of the
'content.asp' script to be executed in a user's browser in
the context of the affected website.
See also :
Unknown at this time.
Medium / CVSS Base Score : 5