This host is running glFusion and is prone to multiple cross-site scripting vulnerabilities.

Successful exploitation allow remote attackers to execute arbitrary code in the browser to steal cookie-based authentication credentials and launch other attacks. Impact Level: Application

Upgrade to the latest version of glFusion 1.2.2.pl4 or later, For updates refer to http://www.glfusion.org/filemgmt/index.php

The flaws are due - Insufficient filtration of user data in URL after '/admin/plugins/mediagallery/xppubwiz.php' - Insufficient filtration of user data passed to '/profiles.php', '/calendar/index.php' and '/links/index.php' via following parameters, 'subject', 'title', 'url','address1', 'address2', 'calendar_type','city', 'state', 'title', 'url', 'zipcode'.

glFusion version 1.2.2 and prior

• http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html
• http://www.exploit-db.com/exploits/24536
• https://www.htbridge.com/advisory/HTB23142

---

Updated on 2015-03-25