Summary
This host is running FlatPress and is prone to multiple Cross Site Scripting vulnerabilities.
Impact
Successful exploitation will let a remote attacker execute arbitrary web script or HTML code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to FlatPress version 0.909.1.
For updates, refer to http://sourceforge.net/projects/flatpress/files/
Insight
The flaws are due to errors in 'contact.php', 'login.php' and 'search.php', which fail to sufficiently sanitize user-supplied data passed via PATH_INFO.
Affected
FlatPress version 0.909 and prior.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-4461
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N