Summary
This host is installed with Wordpress WP-Ecommerce with Bradesco Gateway Plugin and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
No Solution or patch is available as of 12th June, 2014. Information regarding this issue will updated once the solution details are available.
For updates refer to https://github.com/wp-plugins/bradesco-gateway
Insight
Input passed via the HTTP GET parameter to falha.php script is not properly sanitised before returning to the user.
Affected
WordPress WP-Ecommerce Plugin with Bradesco Gateway version 2.0, Other version may also be affected.
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References
Severity
Classification
-
CVE CVE-2013-5916 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Subversion Module Metadata Accessible
- AMSI 'file' Parameter Directory Traversal Vulnerability
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability