Web application abuses : Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple XSS Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.802228

Categoría: Web application abuses

Título: Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple XSS Vulnerabilities

Resumen: Wiccle Web Builder and iWiccle CMS Community Builder are prone; to multiple cross-site scripting (XSS) vulnerabilities.

Descripción: Summary:
Wiccle Web Builder and iWiccle CMS Community Builder are prone
to multiple cross-site scripting (XSS) vulnerabilities.

Vulnerability Insight:
The flaws are caused by improper validation of user-supplied
input passed via the 'member_city', 'post_name', 'post_text', 'post_tag', 'post_member_name',
'member_username' and 'member_tags' parameters to 'index.php', that allows attackers to execute
arbitrary HTML and script code on the web server.

Vulnerability Impact:
Successful exploitation will allow attackers to execute arbitrary
web script or HTML in a user's browser session in the context of an affected application/site.

Affected Software/OS:
Wiccle Web Builder CMS version 1.0.1 and prior.
iWiccle CMS Community Builder version 1.2.1.1 and prior.

Solution:
Update to Wiccle Web Builder CMS version 1.1.0 or later,
update to iWiccle CMS Community Builder version 1.3.0 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Copyright Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.802228
Categoría:	Web application abuses
Título:	Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple XSS Vulnerabilities
Resumen:	Wiccle Web Builder and iWiccle CMS Community Builder are prone; to multiple cross-site scripting (XSS) vulnerabilities.
Descripción:	Summary: Wiccle Web Builder and iWiccle CMS Community Builder are prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The flaws are caused by improper validation of user-supplied input passed via the 'member_city', 'post_name', 'post_text', 'post_tag', 'post_member_name', 'member_username' and 'member_tags' parameters to 'index.php', that allows attackers to execute arbitrary HTML and script code on the web server. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected application/site. Affected Software/OS: Wiccle Web Builder CMS version 1.0.1 and prior. iWiccle CMS Community Builder version 1.2.1.1 and prior. Solution: Update to Wiccle Web Builder CMS version 1.1.0 or later, update to iWiccle CMS Community Builder version 1.3.0 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Copyright	Copyright (C) 2011 Greenbone Networks GmbH