Summary
This host is installed with phpSound and
is prone to multiple xss vulnerabilities.
Impact
Successful exploitation will allow attacker
to execute arbitrary HTML and script code in the context of an affected site.
Impact Level: Application
Solution
No solution or patch is available as of
30th January, 2015. Information regarding this issue will updated once the solution details are available. For updates refer to http://phpsound.com
Insight
Flaws are due to improper sanitization of
user supplied input passed via 'Title', 'Description', and 'filter' parameters in an explore action to index.php script.
Affected
phpSound version 1.0.5, prior versions
may also be affected.
Detection
Send a crafted request via HTTP GET and
check whether it is able to read cookie or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-8954 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe JRun Management Console Multiple Vulnerabilities
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- Apache Tomcat Information Disclosure Vulnerability