FrontAccounting Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

FrontAccounting is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user- supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. FrontAccounting 2.3RC2 is vulnerable other versions may also be affected.

Solution

Vendor updates are available. Please see the references for more information.

References

http://frontaccounting.com/
http://frontaccounting.com/wb3/pages/posts/release-2.3-rc3157.php
http://sourceforge.net/projects/frontaccounting/
https://www.securityfocus.com/bid/44556
https://www.securityfocus.com/bid/44557

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Allaire JRun directory browsing vulnerability
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
AbanteCart Multiple Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities