
Test ID: 1.3.6.1.4.1.25623.1.0.902318
Category: Web application abuses
Title: NuSOAP 0.9.5 'nusoap.php' XSS Vulnerability
Summary: NuSOAP is prone to a cross-site scripting (XSS) vulnerability.
Description:

Summary:
NuSOAP is prone to a cross-site scripting (XSS) vulnerability.

Vulnerability Insight:
The flaw is due to an input validation error in
/api/soap/mantisconnect.php in NuSOAP.

Vulnerability Impact:
Successful exploitation will allow attackers to execute arbitrary
script code in the browser of an unsuspecting user in the context of the affected site.

Affected Software/OS:
NuSOAP version 0.9.5.

Solution:
Apply the patch provided by vendor.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-3070
41653
http://secunia.com/advisories/41653
42959
http://www.securityfocus.com/bid/42959
ADV-2010-2535
http://www.vupen.com/english/advisories/2010/2535
FEDORA-2010-14098
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048317.html
FEDORA-2010-14100
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048325.html
FEDORA-2010-15061
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html
FEDORA-2010-15080
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html
FEDORA-2010-15082
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html
[mantisbt-announce] 20100914 MantisBT 1.2.3 Released
http://sourceforge.net/mailarchive/message.php?msg_name=4C8FC573.3060900%40leetcode.net
[oss-security] 20100903 CVE request: XSS in nusoap
http://www.openwall.com/lists/oss-security/2010/09/03/2
[oss-security] 20100907 Re: CVE request: XSS in nusoap
http://www.openwall.com/lists/oss-security/2010/09/07/4
[oss-security] 20100914 CVE request: mantis before 1.2.3 (XSS)
http://www.openwall.com/lists/oss-security/2010/09/14/12
[oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)
http://www.openwall.com/lists/oss-security/2010/09/14/13
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595248
http://git.debian.org/?p=users/olberger-guest/nusoap.git%3Ba=blob%3Bf=debian/patches/595248.patch%3Bh=6af3d725fe74d839764d9755c5bb18458a192518%3Bhb=268f03b88c6900d1a87b17734c248c705c22cb07
http://git.debian.org/?p=users/olberger-guest/nusoap.git%3Ba=blobdiff%3Bf=debian/patches/595248.patch%3Bh=11202fa70433b62aeab7dfc68af668329bc0fe7e%3Bhp=6af3d725fe74d839764d9755c5bb18458a192518%3Bhb=3ac7a26a49086c6b91fb79e5acafcfcdc5d6980a%3Bhpb=268f03b88c6900d1a87b17734c248c705c22cb07
http://git.mantisbt.org/?p=mantisbt.git%3Ba=commit%3Bh=edb817991b99cd5538f102be26865fde7c6b7212
http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005
http://www.mantisbt.org/bugs/changelog_page.php?version_id=111
http://www.mantisbt.org/bugs/view.php?id=12312
https://bugzilla.redhat.com/show_bug.cgi?id=629585
https://bugzilla.redhat.com/show_bug.cgi?id=633011
Copyright: Copyright (C) 2010 Greenbone Networks GmbH
