PT-2009-4310 · Lussumo · Lussumo Vanilla
Published
2009-06-01
·
Updated
2018-10-10
·
CVE-2009-1845
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
Lussumo Vanilla versions 1.1.5 through 1.1.7
Description:
A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the
RequestName parameter in the "ajax/updatecheck.php" endpoint.Recommendations:
For versions 1.1.5 through 1.1.7, consider restricting access to the "ajax/updatecheck.php" endpoint until a fix is available, and avoid using the
RequestName parameter in this endpoint to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lussumo Vanilla