Summary
This host is installed with Textpattern and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Textpattern 4.5.7 or later.
For updates, refer to http://textpattern.com
Insight
The flaw exists due to insufficient sanitization of input data passed via the URI after the '/textpattern/setup/index.php' script.
Affected
Textpattern version 4.5.5 and probably prior versions
Detection
Send a crafted request via HTTP GET and check whether it is able to read the cookie or not.
References
Severity
Classification
- CVE: CVE-2014-4737
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N