Summary
The host is running tDiary and is prone to Cross-Site Scripting Vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Update to version 2.2.3 or later.
For updates refer to http://www.tdiary.org/
Insight
The flaw is due to improper validation of the 'plugin_tb_url' and 'plugin_tb_excerpt' parameters upon submission to the tb-send.rb plugin script.
Affected
tDiary versions prior to 2.2.3
References
Severity
Classification
-
CVE CVE-2010-0726 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities