PT-2006-4269 · Jmb · Autorank Pro+1
Published: 2006-07-06 · Updated: 2018-10-18
CVE-2006-3377
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
JMB Software AutoRank PHP versions 3.02 and earlier
JMB Software AutoRank Pro versions 5.01 and earlier
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the Keyword parameter in the "search.php" endpoint and the Username parameter in the "main.cgi" endpoint.
Recommendations
For JMB Software AutoRank PHP versions 3.02 and earlier, avoid using the Keyword parameter in the "search.php" endpoint until a fix is available.
For JMB Software AutoRank Pro versions 5.01 and earlier, restrict the use of the Username parameter in the "main.cgi" endpoint to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Autorank Php
Autorank Pro