BoltWire Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

This host is installed with BoltWire and is prone to multiple cross-site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

An error exists in the index.php script which fails to properly sanitize user-supplied input to "p" and "content" parameter before using.

Affected

BoltWire version 3.5 and earlier

Detection

Send a crafted exploit string via HTTP GET request and check whether it is able to read the string or not.

References

http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html
http://packetstormsecurity.com/files/123558
http://www.securityfocus.com/bid/62907
http://xforce.iss.net/xforce/xfdb/87809

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-2651
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
Adobe JRun Management Console Multiple Vulnerabilities
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
Apache Web Server ETag Header Information Disclosure Weakness

Take action and discover your vulnerabilities