Web application abuses : Textpattern CMS 'index.php' XSS Vulnerability

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.804499

Kategorie: Web application abuses

Titel: Textpattern CMS 'index.php' XSS Vulnerability - Active Check

Zusammenfassung: Textpattern CMS is prone to cross-site scripting (XSS); vulnerability.

Beschreibung: Summary:
Textpattern CMS is prone to cross-site scripting (XSS)
vulnerability.

Vulnerability Insight:
The flaw exists due to insufficient sanitization of input data
passed via URI after '/textpattern/setup/index.php' script.

Vulnerability Impact:
Successful exploitation will allow attacker to execute arbitrary
HTML and script code in a user's browser session in the context of an affected site.

Affected Software/OS:
Textpattern CMS version 4.5.5 and probably prior.

Solution:
Update to version 4.5.7 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-4737
Bugtraq: 20141001 Reflected Cross-Site Scripting (XSS) in Textpattern (Google Search)
http://www.securityfocus.com/archive/1/533596/100/0/threaded
http://packetstormsecurity.com/files/128519/Textpattern-4.5.5-Cross-Site-Scripting.html
http://textpattern.com/weblog/379/textpattern-cms-457-released-ten-years-on
https://www.htbridge.com/advisory/HTB23223
XForce ISS Database: textpattern-cve20144737-xss(96802)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96802

Copyright Copyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.804499
Kategorie:	Web application abuses
Titel:	Textpattern CMS 'index.php' XSS Vulnerability - Active Check
Zusammenfassung:	Textpattern CMS is prone to cross-site scripting (XSS); vulnerability.
Beschreibung:	Summary: Textpattern CMS is prone to cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw exists due to insufficient sanitization of input data passed via URI after '/textpattern/setup/index.php' script. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: Textpattern CMS version 4.5.5 and probably prior. Solution: Update to version 4.5.7 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4737 Bugtraq: 20141001 Reflected Cross-Site Scripting (XSS) in Textpattern (Google Search) http://www.securityfocus.com/archive/1/533596/100/0/threaded http://packetstormsecurity.com/files/128519/Textpattern-4.5.5-Cross-Site-Scripting.html http://textpattern.com/weblog/379/textpattern-cms-457-released-ten-years-on https://www.htbridge.com/advisory/HTB23223 XForce ISS Database: textpattern-cve20144737-xss(96802) https://exchange.xforce.ibmcloud.com/vulnerabilities/96802
Copyright	Copyright (C) 2014 Greenbone Networks GmbH