Summary
This host is running Telaen and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to perform open redirection, obtain sensitive information, and execute arbitrary code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Telaen version 1.3.1 or later.
For updates, refer to http://www.telaen.com
Insight
The flaws are due to:
- Improper validation of input passed to the 'f_email' parameter upon submission to the '/telaen/index.php' script.
- Improper validation of user-supplied input upon submission to the '/telaen/redir.php' script.
- An issue that occurs when the '/telaen/inc/init.php' script is requested.
Affected
Telaen version 1.3.0 and prior
Severity
Classification
- CVE: CVE-2013-2621, CVE-2013-2623, CVE-2013-2624
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P