Flogr version 2.5.6 and probably prior versions suffer from a cross-site scripting (XSS) vulnerability (CVE-2012-4336).
Input appended to the URL after "index.php", and input passed via an arbitrary GET parameter to "index.php", is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected website.
Vulnerability ID: HTB23110
Vendor Notification / Public Disclosure Dates: August 15 / September 5, 2012
Vulnerability Type: Cross-Site Scripting [CWE-79]
Risk level: Medium [CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)]
More information is available on the advisory page.
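
The class of flaw described above (URL path and GET parameter data echoed back without encoding) is closed by percent-encoding request-derived URL parts and then HTML-encoding the result for the context it is written into. The PHP below is an added example, not Flogr's code; the function names `h` and `self_link` and the sample input are constructed for illustration.

```php
<?php
// Added illustration, not Flogr source. Function and variable names are hypothetical.

// Encode a value for use inside HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Rebuild a link to the current page from request data.
// $script   : fixed script name chosen by the application, e.g. "/index.php"
// $pathInfo : whatever followed the script name in the URL (untrusted)
// $query    : GET parameters (untrusted, names and values alike)
function self_link(string $script, string $pathInfo, array $query): string
{
    // Percent-encode each path segment so quotes and angle brackets cannot
    // survive into the URL; keep "/" as the separator.
    $segments = array_map('rawurlencode', explode('/', $pathInfo));
    $url = $script . implode('/', $segments);

    if ($query !== []) {
        // http_build_query percent-encodes parameter names and values.
        $url .= '?' . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
    }

    // Final step: HTML-encode for the attribute context it is written into.
    return h($url);
}

// Constructed sample input: markup characters in the path and in a parameter name.
$pathInfo = '/"><b>x</b>';
$query    = ['"><i>' => '1', 'tag' => 'a&b'];

$weak   = '/index.php' . $pathInfo;   // pattern to avoid: raw reflection
$strong = self_link('/index.php', $pathInfo, $query);

echo "raw reflection : <a href=\"$weak\">\n";
echo "encoded        : <a href=\"$strong\">\n";
```

In the first output line the quote in the path closes the `href` attribute early; in the second, the same input stays inside the attribute as inert percent-encoded text.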