The host is installed with ClanSphere and is prone to xss vulnerability.

Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site. Impact Level: Application

No solution or patch is available as of 23th January, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer http://www.csphere.eu

Input passed via the 'where' parameter to '/index.php' is not properly sanitised before being returned to the user.

ClanSphere version 2011.4, Prior versions may also be affected.

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

• http://osvdb.org/104140
• http://seclists.org/fulldisclosure/2014/Mar/73
• http://secunia.com/advisories/57306
• http://www.securityfocus.com/archive/1/archive/1/531373/100/0/threaded
• https://www.httpcs.com/advisory/httpcs127

---

Updated on 2015-03-25