ID de Prueba:	1.3.6.1.4.1.25623.1.0.804637
Categoría:	Web application abuses
Título:	Transform Foundation Server Multiple Cross Site Scripting Vulnerabilities
Resumen:	This host is installed Transform Foundation Server and is prone to multiple cross; site scripting vulnerabilities.
Descripción:	Summary: This host is installed Transform Foundation Server and is prone to multiple cross site scripting vulnerabilities. Vulnerability Insight: Multiple flaws exist due to an: - Improper validation of input passed via 'db' and 'referer' POST parameters passed to /index.fsp/index.fsp script. - Improper validation of the input passed via 'pn' GET parameter passed to /index.fsp script. - Improper validation of input passed via the URL before returning it to users. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: Transform Foundation Server version 4.3.1 and 5.2 Solution: Apply the update from the referenced advisory. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	BugTraq ID: 67810 Common Vulnerability Exposure (CVE) ID: CVE-2014-2577 http://www.securityfocus.com/bid/67810 Bugtraq: 20140603 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies (Google Search) http://www.securityfocus.com/archive/1/532286/100/0/threaded http://seclists.org/fulldisclosure/2014/Jun/15 http://packetstormsecurity.com/files/126907/Transform-Foundation-Server-4.3.1-5.2-Cross-Site-Scripting.html
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.