Summary
This host is installed with Webtrees and is prone to a cross-site scripting (XSS) vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in the context of an affected site.
Impact Level: Application
Solution
Update to version 1.5.2 or later.
For updates, refer to http://www.webtrees.net/index.php/en
Insight
The flaw exists because the modules_v3/googlemap/wt_v3_street_view.php script does not validate input to the 'map' parameter before returning it to users.
Affected
webtrees versions before 1.5.2
Detection
Send a crafted request via HTTP GET and check whether it is able to read the cookie or not.
References
Severity
Classification
- CVE: CVE-2014-100006
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
- Apache Tomcat TroubleShooter Servlet Installed
- Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability