Web application abuses : Eugene Ajenti 'respond_error' Multiple Cross-Site Scripting Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.804654

Categoría: Web application abuses

Título: Eugene Ajenti 'respond_error' Multiple Cross-Site Scripting Vulnerabilities

Resumen: Eugene Ajenti is prone to multiple cross-site scripting vulnerability.

Descripción: Summary:
Eugene Ajenti is prone to multiple cross-site scripting vulnerability.

Vulnerability Insight:
The flaws exist due to 'respond_error' function in routing.py which does not
validate input passed via the URL to resources.js and resources.css before
returning it to users.

Vulnerability Impact:
Successful exploitation will allow attacker to execute arbitrary HTML and
script code in a user's browser session in the context of an affected site.

Affected Software/OS:
Eugene Pankov Ajenti before version 1.2.21.7.

Solution:
Upgrade to Eugene Pankov Ajenti version 1.2.21.7 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-4301
BugTraq ID: 68047
http://www.securityfocus.com/bid/68047
https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti
http://secunia.com/advisories/59177

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.804654
Categoría:	Web application abuses
Título:	Eugene Ajenti 'respond_error' Multiple Cross-Site Scripting Vulnerabilities
Resumen:	Eugene Ajenti is prone to multiple cross-site scripting vulnerability.
Descripción:	Summary: Eugene Ajenti is prone to multiple cross-site scripting vulnerability. Vulnerability Insight: The flaws exist due to 'respond_error' function in routing.py which does not validate input passed via the URL to resources.js and resources.css before returning it to users. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: Eugene Pankov Ajenti before version 1.2.21.7. Solution: Upgrade to Eugene Pankov Ajenti version 1.2.21.7 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4301 BugTraq ID: 68047 http://www.securityfocus.com/bid/68047 https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti http://secunia.com/advisories/59177
Copyright	Copyright (C) 2014 Greenbone AG