Pligg Cross Site Scripting And Request Forgery Remote Vulnerabilities Network Vulnerability

Summary

Pligg is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability. An attacker can exploit these issues to steal cookie-based authentication credentials or perform unauthorized actions when masquerading as the victim. Other attacks are also possible. Versions prior to Pligg 1.0.3 are vulnerable.

Solution

Vendor updates are available. Please see the references for details.

References

http://holisticinfosec.org/content/view/130/45/
http://www.pligg.com/
http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/
http://www.securityfocus.com/bid/37185

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4786, CVE-2009-4787, CVE-2009-4788

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability

Take action and discover your vulnerabilities