Test Kennung:	1.3.6.1.4.1.25623.1.0.804654
Kategorie:	Web application abuses
Titel:	Eugene Ajenti 'respond_error' Multiple Cross-Site Scripting Vulnerabilities
Zusammenfassung:	This host is installed with Eugene Ajenti and is prone to multiple cross-site; scripting vulnerability.
Beschreibung:	Summary: This host is installed with Eugene Ajenti and is prone to multiple cross-site scripting vulnerability. Vulnerability Insight: The flaws exist due to 'respond_error' function in routing.py which does not validate input passed via the URL to resources.js and resources.css before returning it to users. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: Eugene Pankov Ajenti before version 1.2.21.7. Solution: Upgrade to Eugene Pankov Ajenti version 1.2.21.7 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	BugTraq ID: 68047 Common Vulnerability Exposure (CVE) ID: CVE-2014-4301 http://www.securityfocus.com/bid/68047 https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti http://secunia.com/advisories/59177
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.