SimpleID 'index.php' Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running SimpleID and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application.

Solution

Upgrade to SimpleID version 0.6.5 or later For updates refer to http://sourceforge.net/projects/simpleid/files/

Insight

Input passed via the 's' parameter to 'index.php' is not properly sanitised before being returned to the user.

Affected

SimpleID version prior to 0.6.5

References

http://osvdb.org/57327

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4972

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
Apache Archiva Multiple Vulnerabilities
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
Apache Rave User Information Disclosure Vulnerability
3Com NBX VoIP NetSet Detection

Take action and discover your vulnerabilities