Summary
The remote host runs the Pinnacle ShowCenter web based interface.
The remote version of this software is vulnerable to cross-site scripting attack due to a lack of sanity checks on skin parameter in the SettingsBase.php script.
With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Solution
Upgrade to the newest version of this software.
Severity
Classification
-
CVE CVE-2004-1700 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Adobe JRun Management Console Multiple Vulnerabilities
- Apache Tomcat Information Disclosure Vulnerability
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities