Summary
XODA is prone to an arbitrary file-upload vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker could exploit these issues to execute arbitrary script code in a user's browser in the context of the affected site or execute arbitrary code on the server.
XODA 0.4.5 is vulnerable; other versions may also be affected.
References
Updated on 2015-03-25
Severity
Classification
- CVSS Base Score: 9.7 (AV:N/AC:L/Au:N/C:C/I:C/A:P)
Related Vulnerabilities
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- Astium VoIP PBX SQL Injection Vulnerability
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- Adobe ColdFusion Authentication Bypass Vulnerability
- AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities