Summary
This host is running OCS Inventory NG and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is viewed.
Impact Level: Application/System
Solution
Upgrade to OCS Inventory NG version 2.0.2 or later. For updates refer to http://www.ocsinventory-ng.org/fr/
Insight
The flaw exists because certain system information passed via a 'POST' request to '/ocsinventory' is not properly sanitised before being used.
Affected
OCS Inventory NG version 2.0.1 and prior
Severity
Classification
- CVE: CVE-2011-4024
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N