Summary
This host is installed with Contenido CMS
and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote
attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Contenido CMS version 4.9.6 or
later. For updates refer http://www.contenido.org/
Insight
Multiple flaws exists as input passed via
the 'idart', 'lang', or 'idcat' GET parameters to cms/front_content.php script is not properly sanitised before being returned to the user within the 'checkParams' function.
Affected
Contenido CMS versions 4.9.x through 4.9.5
Detection
Send a crafted data via HTTP GET request
and check whether it is able to read cookie or not.
References
Severity
Classification
-
CVE CVE-2014-9433 -
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- MediaWiki Cross Site Request Forgery Vulnerability
- Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
- MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability
- phpShop 'page' Parameter Cross Site Scripting Vulnerability
- PHP display_errors Cross-Site Scripting Vulnerability