Summary
Sahana Agasti is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process, which may aid in redirecting users to a potentially malicious site. This may allow the attacker to compromise the application and the computer and may aid in phishing attacks
other attacks are also possible.
Sahana Agasti versions 0.6.5 and prior are vulnerable.
Solution
Vendor updates are available. Please contact the vendor for details.
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- AN Guestbook Local File Inclusion Vulnerability
- AMSI 'file' Parameter Directory Traversal Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability