ID de Prueba:	1.3.6.1.4.1.25623.1.0.100181
Categoría:	Web application abuses
Título:	TorrentTrader Classic 'msg' Parameter HTML Injection Vulnerability
Resumen:	TorrentTrader is prone to an HTML-injection vulnerability because it; fails to adequately sanitize user-supplied input.
Descripción:	Summary: TorrentTrader is prone to an HTML-injection vulnerability because it fails to adequately sanitize user-supplied input. Vulnerability Impact: Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user. Other attacks are also possible. Affected Software/OS: TorrentTrader Classic 1.08 is affected. Other versions may also be vulnerable. Solution: This issue has been addressed in the revision 25/03/08 of Torrent Classic 1.08. Update to Torrent Classic 1.09. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1173 BugTraq ID: 28082 http://www.securityfocus.com/bid/28082 Bugtraq: 20080303 Cross-site Scripting and CSRF in TorrentTrader Classic v1.08 (Google Search) http://www.securityfocus.com/archive/1/489039/100/0/threaded http://secunia.com/advisories/29220 http://securityreason.com/securityalert/3713 XForce ISS Database: torrenttraderclassic-accountinbox-xss(40980) https://exchange.xforce.ibmcloud.com/vulnerabilities/40980
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.