ID de Prueba:	1.3.6.1.4.1.25623.1.0.801911
Categoría:	Web application abuses
Título:	AR Web Content Manager (AWCM) 'search.php' Cross Site Scripting Vulnerability
Resumen:	AR Web Content Manager (AWCM) is prone to a cross-site scripting (XSS) vulnerability.
Descripción:	Summary: AR Web Content Manager (AWCM) is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: Input passed via the 'search' parameter in 'search' action in search.php is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentication credentials and launch further attacks. Vulnerability Impact: Successful exploitation could allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application. Affected Software/OS: AWCM CMS version 2.2 and prior Solution: Apply the patch from below link. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1668 BugTraq ID: 47126 http://www.securityfocus.com/bid/47126 Bugtraq: 20110401 AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability (Google Search) http://www.securityfocus.com/archive/1/517294/100/0/threaded http://secpod.org/advisories/SECPOD_AWCM_XSS.txt http://securityreason.com/securityalert/8193 XForce ISS Database: arwebcontentmanager-search-xss(66536) https://exchange.xforce.ibmcloud.com/vulnerabilities/66536
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.