Summary
The host is running Wiccle Web Builder or iWiccle CMS Community Builder and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected application/site.
Impact Level: Application
Solution
Upgrade to Wiccle Web Builder CMS version 1.1.0 or later. For updates refer to http://www.wiccle.com/page/download_wiccle
Upgrade to iWiccle CMS Community Builder version 1.3.0 or later. For updates refer to http://www.wiccle.com/page/download_iwiccle
Insight
The flaws are caused by improper validation of user-supplied input passed to 'index.php' via the 'member_city', 'post_name', 'post_text', 'post_tag', 'post_member_name', 'member_username' and 'member_tags' parameters. This allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.
Affected
Wiccle Web Builder CMS version 1.0.1 and prior.
iWiccle CMS Community Builder version 1.2.1.1 and prior.
Severity
Classification
CVSS Base Score: 4.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N