PT-2005-3705 · Maxdev · Maxdev Md-Pro

Publicado

2005-09-07

Atualizado

2008-09-05

CVE-2005-2839

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions MAXdev MD-Pro version 1.0.72

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific API endpoints, such as "dl-search.php" or "wl-search.php".

Recommendations For MAXdev MD-Pro version 1.0.72, consider disabling access to the "dl-search.php" and "wl-search.php" endpoints until a patch is available. Restrict input validation for these endpoints to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-2839

Produtos afetados

Maxdev Md-Pro

PT-2005-3705 · Maxdev · Maxdev Md-Pro

CVE-2005-2839

Identificadores relacionados

Produtos afetados

Referências · 3