
Test ID: 1.3.6.1.4.1.25623.1.0.16058
Category: Web application abuses
Title: YaCy Peer-To-Peer Search Engine XSS
Description:
Summary:
The remote host contains a peer-to-peer search engine that is prone to
cross-site scripting attacks.

Description:

The remote host runs YaCy, a peer-to-peer distributed web search
engine and caching web proxy.

The remote version of this software is vulnerable to multiple
cross-site scripting issues due to a lack of sanitization of
user-supplied data.

Successful exploitation of this issue may allow an attacker to use the
remote server to perform an attack against a third-party user.

Solution:
Upgrade to YaCy 0.32 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-reference: BugTraq ID: 12104
Common Vulnerability Exposure (CVE) ID: CVE-2004-2651
http://www.securityfocus.com/bid/12104
Bugtraq: 20041224 XSS in yacy 0.31 (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2004-12/0413.html
http://www.osvdb.org/12629
http://www.osvdb.org/12630
http://securitytracker.com/id?1012686
XForce ISS Database: yacy-index-xss(18688)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18688
XForce ISS Database: yacy-wiki-xss(18690)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18690
Copyright: Copyright (C) 2004 David Maciejak
