Summary
This host is running ESET Remote Administrator and is prone to a remote cross-site scripting vulnerability.
Impact
Successful exploitation will allow the attacker to execute arbitrary code in the scope of the application and can compromise the way the site is rendered to the user.
Impact Level: Application
Solution
Upgrade to version 3.0.105:
http://www.eset.eu/products/eset-remote-administrator-3
Insight
This vulnerability exists in the Additional Report Settings interface, which fails to properly sanitize user-supplied input before using it in dynamically generated content. As a result, the host becomes vulnerable to arbitrary web script or HTML code injection.
Affected
ESET Remote Administrator versions prior to 3.0.105 on Windows.
Severity
Classification
- CVE: CVE-2009-0548
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)