Summary
nuBuilder is prone to a local file-include vulnerability and a cross- site scripting vulnerability because it fails to properly sanitize user- supplied input.
An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks.
The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie- based authentication credentials and launch other attacks.
nuBuilder 10.04.20 is vulnerable
other versions may also be affected.
References
Severity
Classification
-
CVE CVE-2010-2849 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities
- Advanced Image Hosting Cross Site Scripting Vulnerability
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability