Summary
This host is running ESET Remote Administrator and is prone to a remote cross-site scripting vulnerability.
Impact
Successful exploitation will allow the attacker to execute arbitrary code in the scope of the application and can compromise the way the site is rendered to the user.
Impact Level: Application
Solution
Upgrade to version 3.0.105:
http://www.eset.eu/products/eset-remote-administrator-3
Insight
This vulnerability exists in the Additional Report Settings interface, which fails to properly sanitize user-supplied input before using it in dynamically generated content. As a result, the host becomes vulnerable to arbitrary web script or HTML code injection.
Affected
ESET Remote Administrator versions prior to 3.0.105 on Windows.
References
Severity
Classification
- CVE: CVE-2009-0548
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache Open For Business HTML injection vulnerability
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability