Pinnacle ShowCenter Skin XSS Network Vulnerability

Summary

The remote host runs the Pinnacle ShowCenter web based interface. The remote version of this software is vulnerable to cross-site scripting attack due to a lack of sanity checks on skin parameter in the SettingsBase.php script. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution

Upgrade to the newest version of this software.

Severity

Classification

CVE CVE-2004-1700

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat Directory Listing and File disclosure
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
Apache Subversion Module Metadata Accessible
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
/cgi-bin directory browsable ?

Take action and discover your vulnerabilities