Summary
Siteframe 2.2.4 has a cross site scripting bug. An attacker may use it to perform a cross site scripting attack on this host.
In addition to this, another flaw in this package may allow an attacker to obtain the physical path to the remote web root.
Solution
Upgrade to a newer version.
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Safari Multiple Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability