PT-2006-1737 · Vhcs · Virtual Hosting Control System

Román Medina-Heigl Hernández

Publicado

2006-02-15

Atualizado

2018-10-19

CVE-2006-0683

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Virtual Hosting Control System (VHCS) versions 2.4.7.1 with v.1 patch and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file.

Recommendations For Virtual Hosting Control System (VHCS) versions 2.4.7.1 with v.1 patch and earlier, consider disabling the admin log utility until a patch is available to prevent exploitation of the XSS issue via the username variable.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-0683

Produtos afetados

Virtual Hosting Control System

PT-2006-1737 · Vhcs · Virtual Hosting Control System

CVE-2006-0683

Identificadores relacionados

Produtos afetados

Referências · 7