Summary
The host is running geccBBlite and is prone to multiple Cross-Site Scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject arbitrary web script or HTML in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to geccBBlite version 0.2 or later.
For updates refer to http://sourceforge.net/projects/geccnuke/
Insight
Flaws are caused by improper validation of user-supplied input in multiple scripts. This can be exploited using the 'postatoda' parameter to inject malicious script into a Web page.
Affected
geccBBlite version 0.1 and prior
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-4649
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N