|
Family: CGI abuses : XSS --> Category: infos
YaCy Peer-To-Peer Search Engine XSS Vulnerability Scan
Vulnerability Scan Summary Checks for YaCy Peer-To-Peer Search Engine XSS
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host contains a peer-to-peer search engine that is prone to
cross-site scripting attacks.
Description :
The remote host runs YaCy, a peer-to-peer distributed web search
engine and caching web proxy.
The remote version of this software is vulnerable to multiple
cross-site scripting due to a lack of sanitization of user-supplied
data.
Successful exploitation of this issue may allow a possible hacker to use the
remote server to perform an attack against a third-party user.
See also :
http://www.securityfocus.com/archive/1/385453
Solution:
Upgrade to YaCy 0.32 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|