PT-2009-2526 · Bandsite · Bandsite Cms

Sirgod

Published

2009-08-24

Updated

2017-09-29

CVE-2008-7057

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions BandSite CMS version 1.1.4

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary HTML or web script via the type parameter in the merchandise.php file.

Recommendations For BandSite CMS version 1.1.4, avoid using the type parameter in the merchandise.php file until a fix is available. As a temporary workaround, consider validating and sanitizing user input for the type parameter to prevent malicious script injection.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2008-7057

Affected Products

Bandsite Cms

PT-2009-2526 · Bandsite · Bandsite Cms

CVE-2008-7057

Weakness Enumeration

Related Identifiers

Affected Products

References · 5