Summary
This host is installed with Plain Black
WebGUI and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow attacker to
execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
No solution or patch is available as of
23rd January, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.webgui.org
Insight
The error exists as the style_underground/search
script does not validate input before returning it to users.
Affected
Plain Black WebGUI version 7.10.29.
Previous version maybe vulnerable also.
Detection
Send a crafted HTTP GET request and check
whether it is able read the cookie or not.
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- Apache ActiveMQ Multiple Vulnerabilities