Web application abuses : BackupPC < 3.2.1 Multiple XSS Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.802622

Categoría: Web application abuses

Título: BackupPC < 3.2.1 Multiple XSS Vulnerabilities - Active Check

Resumen: BackupPC is prone to multiple cross-site scripting (XSS); vulnerabilities.

Descripción: Summary:
BackupPC is prone to multiple cross-site scripting (XSS)
vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to improper validation of user-supplied
input to 'num' and 'share' parameters in index.cgi, which allows attackers to execute arbitrary
HTML and script code in a user's browser session in the context of an affected site.

Vulnerability Impact:
Successful exploitation will allow remote attackers to insert
arbitrary HTML and script code, which will be executed in a user's browser session in the context
of an affected site.

Affected Software/OS:
BackupPC version 3.2.0 and prior.

Solution:
Update to version 3.2.1 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-3361
BugTraq ID: 50406
http://www.securityfocus.com/bid/50406
https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html
http://sourceforge.net/mailarchive/message.php?msg_id=26919997
http://www.openwall.com/lists/oss-security/2011/09/13/3
http://www.openwall.com/lists/oss-security/2011/09/14/7
http://secunia.com/advisories/44259
http://secunia.com/advisories/46621
http://ubuntu.com/usn/usn-1249-1
XForce ISS Database: backuppc-num-xss(71030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71030
Common Vulnerability Exposure (CVE) ID: CVE-2011-5081
Bugtraq: 20110428 HTB22965: Multiple XSS vulnerabilities in BackupPC (Google Search)
http://seclists.org/bugtraq/2011/Apr/266
http://www.osvdb.org/72055
http://secunia.com/advisories/44385
XForce ISS Database: backuppc-index-xss(67170)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67170
Common Vulnerability Exposure (CVE) ID: CVE-2011-4923
46615
http://secunia.com/advisories/46615
50406
USN-1249-1
[oss-security] 20111027 CVE Request: Security issue in backuppc
http://www.openwall.com/lists/oss-security/2011/10/27/8
[oss-security] 20120104 Re: CVE Request: Security issue in backuppc
http://www.openwall.com/lists/oss-security/2012/01/04/15
backuppc-num-xss(71030)

Copyright Copyright (C) 2012 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.802622
Categoría:	Web application abuses
Título:	BackupPC < 3.2.1 Multiple XSS Vulnerabilities - Active Check
Resumen:	BackupPC is prone to multiple cross-site scripting (XSS); vulnerabilities.
Descripción:	Summary: BackupPC is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: Multiple flaws are due to improper validation of user-supplied input to 'num' and 'share' parameters in index.cgi, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Vulnerability Impact: Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Affected Software/OS: BackupPC version 3.2.0 and prior. Solution: Update to version 3.2.1 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3361 BugTraq ID: 50406 http://www.securityfocus.com/bid/50406 https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html http://sourceforge.net/mailarchive/message.php?msg_id=26919997 http://www.openwall.com/lists/oss-security/2011/09/13/3 http://www.openwall.com/lists/oss-security/2011/09/14/7 http://secunia.com/advisories/44259 http://secunia.com/advisories/46621 http://ubuntu.com/usn/usn-1249-1 XForce ISS Database: backuppc-num-xss(71030) https://exchange.xforce.ibmcloud.com/vulnerabilities/71030 Common Vulnerability Exposure (CVE) ID: CVE-2011-5081 Bugtraq: 20110428 HTB22965: Multiple XSS vulnerabilities in BackupPC (Google Search) http://seclists.org/bugtraq/2011/Apr/266 http://www.osvdb.org/72055 http://secunia.com/advisories/44385 XForce ISS Database: backuppc-index-xss(67170) https://exchange.xforce.ibmcloud.com/vulnerabilities/67170 Common Vulnerability Exposure (CVE) ID: CVE-2011-4923 46615 http://secunia.com/advisories/46615 50406 USN-1249-1 [oss-security] 20111027 CVE Request: Security issue in backuppc http://www.openwall.com/lists/oss-security/2011/10/27/8 [oss-security] 20120104 Re: CVE Request: Security issue in backuppc http://www.openwall.com/lists/oss-security/2012/01/04/15 backuppc-num-xss(71030)
Copyright	Copyright (C) 2012 Greenbone Networks GmbH