Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.80052 |
Kategorie: | Web application abuses |
Titel: | CuteNews search.php Cross-Site Scripting Vulnerability |
Zusammenfassung: | The remote web server contains a PHP script that is affected by a; cross-site scripting issue.;; The version of Cutenews installed on the remote host fails to sanitize input to the 'search.php' script before; using it to generate dynamic HTML to be returned to the user. An unauthenticated attacker can exploit this issue; to execute a cross-site scripting attack.;; This version of Cutenews is also likely affected by other associated issues. |
Beschreibung: | Summary: The remote web server contains a PHP script that is affected by a cross-site scripting issue. The version of Cutenews installed on the remote host fails to sanitize input to the 'search.php' script before using it to generate dynamic HTML to be returned to the user. An unauthenticated attacker can exploit this issue to execute a cross-site scripting attack. This version of Cutenews is also likely affected by other associated issues. Solution: Update to the latest version. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
Querverweis: |
BugTraq ID: 21233 |
Copyright | Copyright (C) 2008 Justin Seitz |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |