NuSOAP 'nusoap.php' Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running NuSOAP and is prone to Cross-site scripting Vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Impact Level: Application.

Solution

Apply the patch provided by vendor. For updates refer to http://nusoap.sourceforge.net/

Insight

The flaw is due to an input validation error in /api/soap/mantisconnect.php in NuSOAP.

Affected

NuSOAP version 0.9.5.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048325.html
http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005
http://www.mantisbt.org/bugs/view.php?id=12312

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3070

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
Apache Open For Business HTML injection vulnerability
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14

Take action and discover your vulnerabilities