PT-2009-5507 · Pad · Pad Site Scripts

Mr.Sql · Published 2009-09-15 · Updated 2017-09-19 · CVE-2009-3191

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PAD Site Scripts version 3.6

Description

PAD Site Scripts contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the cat parameter to API endpoints such as "rss.php" and "opml.php".

Recommendations

For PAD Site Scripts version 3.6, consider disabling access to the "rss.php" and "opml.php" endpoints until a patch is available, to prevent exploitation through the cat parameter.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2009-3191

Affected Products

Pad Site Scripts