GeccBBlite Multiple Cross-Site Scripting Vulnerabilities Network Vulnerability

Summary

The host is running geccBBlite and is prone to multiple Cross-Site Scripting vulnerabilities.

Impact

Successful exploitation will allow remote attackers to inject arbitrary web script or HTML in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to geccBBlite version 0.2 or later. For updates refer to http://sourceforge.net/projects/geccnuke/

Insight

Flaws are caused by improper validation of user-supplied input in multiple scripts. This can be exploited using the 'postatoda' parameter to inject malicious script into a Web page.

Affected

geccBBlite version 0.1 and prior

References

http://groups.csail.mit.edu/pag/ardilla/
http://xforce.iss.net/xforce/xfdb/56278

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4649

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Solr Directory Traversal Vulnerability Jan-14
Adobe ColdFusion HTTP Response Splitting Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
AN Guestbook Local File Inclusion Vulnerability

geccBBlite Multiple Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities