This host is installed Transform Foundation Server and is prone to multiple cross site scripting vulnerabilities.

Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Impact Level: Application

Apply updates from the below link, http://bot24.blogspot.in/2014/06/cve-2014-2577-xss-on-transform.html

Multiple flaws exists due to an, - Improper validation of input passed via 'db' and 'referer' POST parameters passed to /index.fsp/index.fsp script. - Improper validation of the input passed via 'pn' GET parameter passed to /index.fsp script. - Improper validation of input passed via the URL before returning it to users.

Transform Foundation Server version 4.3.1 and 5.2

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

• http://bot24.blogspot.in/2014/06/cve-2014-2577-xss-on-transform.html
• http://packetstormsecurity.com/files/126907
• http://seclists.org/bugtraq/2014/Jun/34
• http://www.osvdb.com/107664
• http://www.osvdb.com/107665
• http://www.osvdb.com/107666

---

Updated on 2015-03-25