PT-2005-5050 · Hot Banana · Hot Banana Web Content Management Suite

Publicado

2005-12-20

Atualizado

2011-03-08

CVE-2005-4364

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Hot Banana Web Content Management Suite version 5.3

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the keywords parameter in the "index.cfm" file.

Recommendations For Hot Banana Web Content Management Suite version 5.3, avoid using the keywords parameter in the index.cfm file until a fix is available. As a temporary workaround, consider restricting access to the index.cfm file to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-4364

Produtos afetados

Hot Banana Web Content Management Suite

PT-2005-5050 · Hot Banana · Hot Banana Web Content Management Suite

CVE-2005-4364

Identificadores relacionados

Produtos afetados

Referências · 8