ID de Prueba:	1.3.6.1.4.1.25623.1.0.800934
Categoría:	Web application abuses
Título:	Buildbot 'waterfall.py' Cross-Site Scripting Vulnerability
Resumen:	Buildbot is prone to a cross-site scripting (XSS) vulnerability.
Descripción:	Summary: Buildbot is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: This flaw arise because user supplied data passed into the waterfall web status view in status/web/waterfall.py is not sanitised before being returned to the user. Vulnerability Impact: Successful exploitation will allow attacker to inject arbitrary web script or HTML via unspecified vectors and conduct cross-site scripting attacks. Affected Software/OS: Buildbot version 0.7.6 through 0.7.11p1 on all platforms. Solution: Upgrade to version 0.7.11p2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2959 BugTraq ID: 36100 http://www.securityfocus.com/bid/36100 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00978.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00985.html http://sourceforge.net/mailarchive/message.php?msg_name=42338fbf0908121232mb790a6cn787ac3de90e8bc31%40mail.gmail.com http://secunia.com/advisories/36352 http://secunia.com/advisories/36418 http://www.vupen.com/english/advisories/2009/2352
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.