This host is installed with Contenido CMS and is prone to multiple cross-site scripting vulnerabilities.
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site. Impact Level: Application
Upgrade to Contenido CMS version 4.9.6 or later. For updates refer http://www.contenido.org/
Multiple flaws exists as input passed via the 'idart', 'lang', or 'idcat' GET parameters to cms/front_content.php script is not properly sanitised before being returned to the user within the 'checkParams' function.
Contenido CMS versions 4.9.x through 4.9.5
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
- net2ftp Multiple Cross-Site Scripting Vulnerabilities
- Novatel Wireless MiFi 2352 Password Information Disclosure Vulnerability
- MantisBT Cross-site scripting Vulnerability
- BestShopPro 'str' Parameter Cross Site Scripting and SQL Injection Vulnerabilities
- MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability