ExpressionEngine CMS Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running ExpressionEngine CMS and is prone to Cross Site Scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to inject arbitrary HTML codes in an image by tricking the user to view a malicious profile page. Impact Level: Application

Solution

Update ExpressionEngine to version 1.6.7 http://expressionengine.com

Insight

Inadequate validation of user supplied input to the system/index.php script leads to cross site attacks.

Affected

ExpresssionEngine versions prior to 1.6.7 on all platforms.

References

http://secunia.com/advisories/34379
http://www.securityfocus.com/archive/1/archive/1/502045/100/0/threaded
http://xforce.iss.net/xforce/xfdb/49359

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1070

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Apache Tomcat Information Disclosure Vulnerability
Allaire JRun directory browsing vulnerability
Apache Subversion Module Metadata Accessible
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability

Take action and discover your vulnerabilities