BloofoxCMS 'search' Parameter Cross Site Scripting Vulnerability Network Vulnerability

Summary

bloofoxCMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input passed through the 'search' parameter. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects bloofoxCMS 0.3.5 other versions may be vulnerable as well.

References

http://www.securityfocus.com/bid/36700

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-4522
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

/cgi-bin directory browsable ?
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
An Image Gallery Multiple Cross-Site Scripting Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
Apache Tomcat DOS Device Name XSS

bloofoxCMS 'search' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities