Summary
This host has ELOG installed and is prone to a cross-site scripting vulnerability.
Impact
Attackers can exploit this issue to steal cookie-based authentication credentials by conducting Cross-Site Scripting attacks on the affected system.
Impact Level: System/Application
Solution
Upgrade to ELOG version 2.7.2 or later.
https://midas.psi.ch/elog/download/
Insight
An error in the processing of malicious user-supplied data passed to the 'logbook' module can be exploited to inject arbitrary HTML and script code in the context of the affected application.
Affected
ELOG versions prior to 2.7.2
Severity
Classification
- CVE: CVE-2008-7206
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)