TorrentTrader 'msg' Parameter HTML Injection Vulnerability Network Vulnerability

Summary

TorrentTrader is prone to an HTML-injection vulnerability because it fails to adequately sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user other attacks are also possible. TorrentTrader Classic 1.08 is affected other versions may also be vulnerable.

Solution

This issue has been addressed in the revision 25/03/08 of Torrent Classic 1.08. Update to Torrent Classic 1.09.

References

http://sourceforge.net/project/shownotes.php?group_id=98584&release_id=545219
http://www.securityfocus.com/bid/28082
http://www.torrenttrader.org/index.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-1173

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
Admidio get_file.php Remote File Disclosure Vulnerability
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
Ampache Reflected Cross Site Scripting Vulnerability
Apache Struts Directory Traversal Vulnerability

Take action and discover your vulnerabilities