CruxCMS 'txtusername' Parameter Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running CruxCMS and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site. Impact Level: Application.

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is caused by an input validation error in the 'manager/login.php' script when processing the 'txtusername' parameter.

Affected

CruxCMS version 3.0

References

http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxcms_1.html
http://www.securityfocus.com/archive/1/archive/1/512245/100/0/threaded
http://www.vupen.com/english/advisories/2010/1708

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2717
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Solr Directory Traversal Vulnerability Jan-14
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities

Take action and discover your vulnerabilities