CVE-2012-6510

Name of the Vulnerable Software and Affected Versions NetArt Media Car Portal version 3.0

Description The issue allows remote attackers to inject arbitrary web script or HTML via several fields, including the PWRS field, Description field when posting a new vehicle, news title when creating news, Name when creating a sub user, group name when creating a group, or dealer name, first name, or last name when changing a profile.

Recommendations For NetArt Media Car Portal version 3.0, update the software to a version that includes fixes for the cross-site scripting vulnerabilities. As a temporary workaround, consider restricting user input for the PWRS, Description, news title, Name, group name, dealer name, first name, and last name fields to minimize the risk of exploitation.