Summary
Siteframe 2.2.4 has a cross site scripting bug. An attacker may use it to perform a cross site scripting attack on this host.
In addition to this, another flaw in this package may allow an attacker to obtain the physical path to the remote web root.
Solution
Upgrade to a newer version.
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- A Really Simple Chat Multiple XSS Vulnerabilities
- Apache Tomcat source.jsp malformed request information disclosure
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities