Summary
Stoneware webNetwork is installed on this host and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML or web script in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Stoneware webNetwork 6.1 SP1 or later.
For updates, refer to http://www.stone-ware.com/webnetwork
Insight
Multiple flaws exist because the application does not validate:
- the 'blogName' parameter passed to blog.jsp and blogSearch.jsp
- the 'calendarType' and 'monthNumber' parameters passed to calendar.jsp
- the 'flag' parameter passed to swDashboard/ajax/setAppFlag.jsp
Affected
Stoneware WebNetwork 6.1 before SP1
References
Severity
Classification
- CVE: CVE-2012-4352
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N