NuBuilder Local File Include And Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

nuBuilder is prone to a local file-include vulnerability and a cross- site scripting vulnerability because it fails to properly sanitize user- supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the webserver process. Information harvested may aid in further attacks. The attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie- based authentication credentials and launch other attacks. nuBuilder 10.04.20 is vulnerable other versions may also be affected.

References

http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-local-file-inclusion.html
http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-reflected-xss.html
http://www.nubuilder.com/nubuilderwww/
https://www.securityfocus.com/bid/41404

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2849

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
/doc directory browsable ?

nuBuilder Local File Include and Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities