Summary
This host is installed with Stoneware webNetwork and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML or web script in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Upgrade to Stoneware webNetwork 6.1 SP1 or later,
For updates refer to http://www.stone-ware.com/webnetwork
Insight
Multiple flaws exists because application does the validate, - 'blogName' parameter passed to blog.jsp and blogSearch.jsp - 'calendarType' and 'monthNumber' parameters passed to calendar.jsp - 'flag' parameter passed to swDashboard/ajax/setAppFlag.jsp
Affected
Stoneware WebNetwork 6.1 before SP1
References
Severity
Classification
-
CVE CVE-2012-4352 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities