PragmaMX Multiple Cross-Site Scripting Vulnerabilities Network Vulnerability

Summary

The host is installed with PragmaMX and is prone to multiple cross site scripting vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary HTML or web script in a user's browser session in context of an affected site. Impact Level: Application

Solution

Upgrade to PragmaMx 1.12.2 or later, For updates refer to http://www.pragmamx.org

Insight

Multiple flaws due to input passed via 'name' parameter to modules.php and 'img_url' parameter to img_popup.php is not properly sanitised before being returned to the user.

Affected

PragmaMX version 1.12.1 and prior

References

http://osvdb.org/82058
http://osvdb.org/82059
http://packetstormsecurity.com/files/113035
http://seclists.org/bugtraq/2012/May/126
http://www.pragmamx.org/Content-pragmaMx-changelog-item-75.html
https://www.htbridge.com/advisory/HTB23090

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2452

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe JRun Management Console Multiple Vulnerabilities
Apache Struts2/XWork Remote Command Execution Vulnerability
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities