Tuesday, May 29, 2012

HTB23090: pragmaMx multiple XSS

pragmaMx version 1.12.1 and probably prior versions suffer from multiple cross-site scripting (XSS) vulnerabilities:
Input passed via the name of a GET parameter to the "modules.php" script, and via the "img_url" GET parameter to the "includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php" script, is not properly sanitised before being returned to the user.

Vulnerability ID: HTB23090
Vendor Notification / Patch / Public Disclosure Dates: 2 May / 4 May / 23 May 2012
Vulnerabilities Type: Cross-Site Scripting (XSS)
Risk level: Medium
Solution: Fixed by Vendor, upgrade to pragmaMx 1.12.2
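
For sites that cannot upgrade immediately, the sketch below shows the kind of output handling both inputs need: parameter names encoded like values, and the image URL checked before it reaches an attribute. It is an added example, not pragmaMx code and not the vendor's 1.12.2 patch. The helper names and sample input are hypothetical, and it assumes the values are echoed into HTML text or quoted attributes.

```php
<?php
// Added illustration; not pragmaMx code. Helper names are hypothetical.

/** Encode an untrusted string for HTML text or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Echo request parameters back as hidden fields. Parameter NAMES are as
 * attacker-controlled as values, so both are encoded; arrays are skipped.
 */
function render_hidden_fields(array $params): string
{
    $out = '';
    foreach ($params as $name => $value) {
        if (!is_string($value)) {
            continue;
        }
        $out .= sprintf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
            h((string) $name), h($value));
    }
    return $out;
}

/**
 * Accept an image URL only if it is http(s) or has no scheme (relative path),
 * then encode it for use inside src="...". Returns null when rejected.
 */
function safe_img_src(string $url): ?string
{
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null; // empty, or contains whitespace / control characters
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if ($scheme === false) {
        return null; // malformed URL
    }
    if ($scheme !== null && !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null; // any other scheme is refused
    }
    return h($url);
}

// Constructed sample input standing in for $_GET.
$sample = ['a"b<c' => 'v&1', 'op' => 'view'];
echo render_hidden_fields($sample);
var_dump(safe_img_src('images/logo.png'), safe_img_src('javascript:void(0)'));
```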
