PT-2006-1737 · Vhcs · Virtual Hosting Control System

Román Medina-Heigl Hernández

Published

2006-02-15

Updated

2018-10-19

CVE-2006-0683

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Virtual Hosting Control System (VHCS) versions 2.4.7.1 with v.1 patch and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file.

Recommendations For Virtual Hosting Control System (VHCS) versions 2.4.7.1 with v.1 patch and earlier, consider disabling the admin log utility until a patch is available to prevent exploitation of the XSS issue via the username variable.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0683

Affected Products

Virtual Hosting Control System

PT-2006-1737 · Vhcs · Virtual Hosting Control System

CVE-2006-0683

Related Identifiers

Affected Products

References · 7