Summary
The host has WoW Raid Manager installed and is prone to a cross-site scripting (XSS) vulnerability.
Impact
Successful remote exploitation will let the attacker execute arbitrary code in the scope of the application. As a result, the attacker may gain sensitive information and use it to redirect the user to any other malicious URL.
Impact Level: Application
Solution
Upgrade to version 3.5.1
http://www.wowraidmanager.net/downloadrel.php
Insight
The flaw exists because WoW Raid Manager fails to properly sanitise user-supplied input.
Affected
WoW Raid Manager versions prior to 3.5.1.
References
Severity
Classification
- CVE: CVE-2008-6161
- CVSS Base Score: 4.3
- CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N