Summary
The host is running JpGraph and is prone to multiple Cross-Site Scripting vulnerabilities.
Impact
Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, resulting in an XSS attack.
Impact Level: Application.
Solution
Apply the patches from the link below:
http://www.securityfocus.com/archive/1/archive/1/508586/100/0/threaded
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
The flaw is due to the 'GetURLArguments()' function in 'jpgraph.php' not properly sanitising HTTP POST and GET parameter keys.
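The class of flaw described above, shown as an added example: this is not JpGraph's code and not the referenced patch. The function names `build_args_unsafe` and `build_args_safe` are hypothetical, and the sample parameters are constructed. It contrasts a query-string builder that encodes only values with one that also encodes keys.

```php
<?php
// Hypothetical helpers (assumption: not taken from jpgraph.php). They rebuild
// a query string from request parameters for reuse in an HTML attribute.

// Weak form: values are URL-encoded, but keys are copied through unchanged,
// so markup characters in a parameter name reach the page as-is.
function build_args_unsafe(array $params): string
{
    $out = '';
    foreach ($params as $key => $value) {
        $out .= '&amp;' . $key . '=' . urlencode((string)$value);
    }
    return $out;
}

// Hardened form: keys and values are both URL-encoded (one level of array
// nesting is handled), then the joined string is HTML-escaped for output.
function build_args_safe(array $params): string
{
    $pairs = [];
    foreach ($params as $key => $value) {
        $encKey = urlencode((string)$key);
        if (is_array($value)) {
            foreach ($value as $k => $v) {
                $pairs[] = $encKey . '%5B' . urlencode((string)$k) . '%5D='
                         . urlencode((string)$v);
            }
        } else {
            $pairs[] = $encKey . '=' . urlencode((string)$value);
        }
    }
    return htmlspecialchars(implode('&', $pairs), ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: the second key carries markup characters.
$params = ['width' => '300', 'k"><b>' => '1', 'pts' => ['x' => '4']];

echo build_args_unsafe(['width' => '300', 'k"><b>' => '1']), "\n";
echo build_args_safe($params), "\n";
```

In the first output line the quote and angle brackets of the key survive unchanged; in the second they appear only in percent-encoded form.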
Affected
JpGraph version 3.0.6 and prior on all platforms.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-4422
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N