AR Web Content Manager (AWCM) 'search.php' Cross Site Scripting Vulnerability Network Vulnerability

Summary

The host is running AR Web Content Manager (AWCM) and is prone to Cross-Site Scripting vulnerability.

Impact

Successful exploitation could allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application. Impact Level: Application.

Solution

Apply the patch from below link, For updates refer to http://www.zshare.net/download/8818096688e1e96a/

Insight

Input passed via the 'search' parameter in 'search' action in search.php is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentication credentials and launch further attacks.

Affected

AWCM CMS version 2.2 and prior

References

http://www.securityfocus.com/bid/47126/

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-1668
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts2/XWork Remote Command Execution Vulnerability
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
Apache Rave User Information Disclosure Vulnerability
Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities