SGX-SP Final 'shop.cgi' Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

This host is running SGX-SP Final and is prone to multiple cross site scripting vulnerabilities.

Impact

Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Upgrade to SGX-SP Final version 11.0 or later, For updates refer to http://wb-i.net/

Insight

The flaws are caused by improper validation of user-supplied input passed to shop.cgi, which allows attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Affected

SGX-SP Final version 10.0 and prior.

References

http://osvdb.org/70410
http://secunia.com/advisories/42857
http://wb-i.net/soft1.HTML#spf
http://xforce.iss.net/xforce/xfdb/64593

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3926

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities