Summary
This web application is running the Vaadin Framework, which is prone to a Cross-Site Scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected application.
Solution
Upgrade to Vaadin Framework version 6.4.9 or later. For updates refer to http://vaadin.com/releases
Insight
Input passed to the 'URL' parameter in 'index.php' is not properly sanitised before being returned to the user.
Affected
Vaadin Framework versions from 6.0.0 up to 6.4.8
Detection
Check the version.
Severity
Classification
CVE: CVE-2011-0509
CVSS Base Score: 4.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N