Summary
The host is installed with PragmaMX and is prone to multiple cross site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML or web script in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Upgrade to PragmaMx 1.12.2 or later,
For updates refer to http://www.pragmamx.org
Insight
Multiple flaws due to input passed via 'name' parameter to modules.php and 'img_url' parameter to img_popup.php is not properly sanitised before being returned to the user.
Affected
PragmaMX version 1.12.1 and prior
References
Severity
Classification
-
CVE CVE-2012-2452 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache mod_proxy_ajp Information Disclosure Vulnerability
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Apache Solr Directory Traversal Vulnerability Jan-14