PT-2012-4382 · Yandex · Yandex.Server 2010
Publicado
2012-05-27
·
Atualizado
2017-08-29
·
CVE-2012-2941
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Yandex.Server 2010 version 9.0 Enterprise
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the
text parameter in the search functionality.Recommendations
For Yandex.Server 2010 version 9.0 Enterprise, consider restricting access to the search functionality until a fix is available. As a temporary workaround, avoid using the
text parameter in the affected search endpoint to minimize the risk of exploitation.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Yandex.Server 2010