Summary
The remote web server contains a CGI which is vulnerable to a cross site scripting issue.
Description :
The remote host is running ArticleLive, a set of CGIs designed to simplify the management of a news site.
Due to improper filtering done by the script 'newcomment' remote attacker can cause the ArticleLive product to include arbitrary HTML and/or JavaScript, and therefore use the remote host to perform cross-site scripting attacks.
Solution
Upgrade to the newest version of this software
Severity
Classification
-
CVE CVE-2005-0881 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Archiva Cross Site Request Forgery Vulnerability
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- Apache Tomcat Login Constraints Security Bypass Vulnerability