Icy Phoenix Multiple Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with Icy Phoenix and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

An error exists in the application which fails to properly sanitize user-supplied input to "subject" parameter before using it.

Affected

Icy Phoenix version 2.0, Lower versions may also be affected.

Detection

Send a crafted exploit string via HTTP GET request and check whether it is able to read the string or not.

References

http://packetstormsecurity.com/files/117197
http://packetstormsecurity.com/files/123446
http://secunia.com/advisories/50890
http://xforce.iss.net/xforce/xfdb/79115

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

AN Guestbook Local File Inclusion Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability
Apache Rave User Information Disclosure Vulnerability
Adobe ColdFusion HTTP Response Splitting Vulnerability
Apache Tomcat Multiple Vulnerabilities June-09

Take action and discover your vulnerabilities