PT-2010-2828 · Klonews · Klonews
Publicado
2010-03-25
·
Atualizado
2010-03-26
·
CVE-2010-1112
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
KloNews version 2.0
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the
cat parameter in the cat.php file.Recommendations
For KloNews version 2.0, consider restricting access to the cat.php file or validating and sanitizing the
cat parameter to prevent injection of malicious scripts. As a temporary workaround, avoid using the cat parameter in the cat.php file until a patch is available.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Klonews