Summary
Pligg is prone to multiple cross-site scripting vulnerabilities and a cross-site request forgery vulnerability.
An attacker can exploit these issues to steal cookie-based authentication credentials or perform unauthorized actions when masquerading as the victim. Other attacks are also possible.
Versions prior to Pligg 1.0.3 are vulnerable.
Solution
Vendor updates are available. Please see the references for details.
References
Severity
Classification
CVE: CVE-2009-4786, CVE-2009-4787, CVE-2009-4788
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P