Test ID: | 1.3.6.1.4.1.25623.1.0.805191 |
Category: | Web application abuses |
Title: | Offiria Cross-Site Scripting Vulnerability |
Summary: | Offiria is prone to a cross-site scripting (XSS) vulnerability. |
Description: | Summary: Offiria is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to insufficient sanitization of user-supplied data in the URI after the '/installer/index.php' script, which is not removed from the system by default. Vulnerability Impact: Successful exploitation will allow remote attackers to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: Offiria version 2.1.1 and probably prior. Solution: As a workaround, remove the vulnerable script or restrict access to it via a .htaccess file or a WAF. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
Cross-Reference: | Common Vulnerability Exposure (CVE) ID: CVE-2014-2689 BugTraq ID: 66657 http://www.securityfocus.com/bid/66657 Bugtraq: 20140507 Cross-Site Scripting (XSS) in Offiria (Google Search) http://www.securityfocus.com/archive/1/532048/100/0/threaded https://www.htbridge.com/advisory/HTB23210 |
Copyright | Copyright (C) 2015 Greenbone AG |