Summary
This host is running Seo Panel and is prone to multiple Cross- site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user.
Impact Level: Application
Solution
Upgrade to version 2.2.0 or later,
For updates refer to http://sourceforge.net/projects/seopanel/files
Insight
The flaws are caused by improper validation of user-supplied input by the 'index.ctrl.php' or 'controllers/settings.ctrl.php' scripts. A remote attacker could exploit this vulnerability using the default_news or sponsors parameter to inject malicious script into a Web page.
Affected
Seo Panel version 2.2.0
References
Severity
Classification
-
CVE CVE-2010-4331 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
- Apache Tomcat Multiple Vulnerabilities June-09
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability