Clixint DPI Image Hosting Script Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Flashlight Free Edition and is prone to Cross Site Scripting Vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary HTML script codes in a user's established login session into the context of an affected site running the vulnerable web application. Impact Level: Network/Application.

Solution

Apply patch, http://www.clixint.com/support/viewtopic.php?f=3&t=542 ***** NOTE: Ignore this warning, if above mentioned patch is already applied. *****

Insight

This flaw is due to an error in 'images.php' which doesn't verify user supplied input before being used via 'date' parameter.

Affected

Image Hosting Script DPI 1.1 Final and prior on all running platform.

References

http://secunia.com/advisories/37456
http://www.exploit-db.com/exploits/10300

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4252
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
3Com NBX VoIP NetSet Detection
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
Apache ActiveMQ Multiple Vulnerabilities
Apache Struts2 'XWork' Information Disclosure Vulnerability

Take action and discover your vulnerabilities