|
|
Family: CGI abuses --> Category: attack
SiteEnable XSS and SQL Injection Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for XSS and SQL injection vulnerabilities in SiteEnable
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains an ASP application that is affected by
multiple flaws.
Description :
The remote host is running a version of the SiteEnable CMS package
that is prone to several vulnerabilities :
- SQL Injection Vulnerability
Due to a failure to properly sanitize user input to the 'sortby'
parameter of the 'content.asp' script, a possible hacker can
execute SQL queries against the underlying database.
- Multiple Cross-Site Scripting Vulnerabilities
A possible hacker can pass arbitrary HTML and script code through
the 'contenttype' parameter (and likely others) of the
'content.asp' script to be executed in a user's browser in
the context of the affected website.
See also :
http://securitytracker.com/alerts/2005/Apr/1013631.html
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
