PT-2009-6585 · Unknown · Active Business Directory
Publicado
2009-12-30
·
Atualizado
2017-08-17
·
CVE-2009-4464
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Active Business Directory version 2
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the
search parameter in the "searchadvance.asp" page.Recommendations
For Active Business Directory version 2, consider restricting access to the search functionality until a patch is available, and avoid using the
search parameter in the vulnerable page to minimize the risk of exploitation.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Active Business Directory