PhpSound Multiple Cross-Site Scripting (XSS) Vulnerabilities Network Vulnerability

Summary

This host is installed with phpSound and is prone to multiple xss vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in the context of an affected site. Impact Level: Application

Solution

No solution or patch is available as of 30th January, 2015. Information regarding this issue will updated once the solution details are available. For updates refer to http://phpsound.com

Insight

Flaws are due to improper sanitization of user supplied input passed via 'Title', 'Description', and 'filter' parameters in an explore action to index.php script.

Affected

phpSound version 1.0.5, prior versions may also be affected.

Detection

Send a crafted request via HTTP GET and check whether it is able to read cookie or not.

References

http://packetstormsecurity.com/files/129104
http://www.exploit-db.com/exploits/35198

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8954

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Apache Tomcat DOS Device Name XSS
AMSI 'file' Parameter Directory Traversal Vulnerability
Apache Tiles Multiple XSS Vulnerability
AlienForm CGI script

phpSound Multiple Cross-Site Scripting (XSS) Vulnerabilities

Take action and discover your vulnerabilities