ID de Prueba:	1.3.6.1.4.1.25623.1.0.803316
Categoría:	Web application abuses
Título:	glFusion Multiple Cross-Site Scripting Vulnerabilities
Resumen:	glFusion is prone to multiple cross-site scripting vulnerabilities.
Descripción:	Summary: glFusion is prone to multiple cross-site scripting vulnerabilities. Vulnerability Insight: The flaws are due - Insufficient filtration of user data in URL after '/admin/plugins/mediagallery/xppubwiz.php' - Insufficient filtration of user data passed to '/profiles.php', '/calendar/index.php' and '/links/index.php' via following parameters, 'subject', 'title', 'url', 'address1', 'address2', 'calendar_type', 'city', 'state', 'title', 'url', 'zipcode'. Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code in the browser to steal cookie-based authentication credentials and launch other attacks. Affected Software/OS: glFusion version 1.2.2 and prior Solution: Upgrade to the latest version of glFusion 1.2.2.pl4 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1466 Bugtraq: 20130220 Multiple Cross-Site Scripting (XSS) in glFusion (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html http://www.exploit-db.com/exploits/24536 http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html https://www.htbridge.com/advisory/HTB23142 http://secunia.com/advisories/52255 XForce ISS Database: glfusion-multiple-xss(82211) https://exchange.xforce.ibmcloud.com/vulnerabilities/82211
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.