Summary
This host is running Simple Invoices and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow an attacker to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of the affected site when the malicious data is viewed.
Impact Level: Application
Solution
Upgrade to Simple Invoices version 2012-1 or later.
For updates refer to http://www.simpleinvoices.org/
Insight
Input passed via the 'having' parameter to index.php (when 'module' and 'view' are set to different actions) is not properly sanitised before it is returned to the user.
Affected
Simple Invoices version 2011.1 and prior
References
Severity
Classification
- CVE: CVE-2012-4932
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N