Summary
This host is installed with Webtrees and
is prone to xss vulnerability.
Impact
Successful exploitation will allow attacker
to execute arbitrary HTML and script code in the context of an affected site.
Impact Level: Application
Solution
Update to version 1.5.2 or later,
For updates refer, http://www.webtrees.net/index.php/en
Insight
Flaw is due to the modules_v3/googlemap/
wt_v3_street_view.php script does not validate input to the 'map' parameter before returning it to users.
Affected
webtrees version before 1.5.2
Detection
Send a crafted request via HTTP GET and
check whether it is able to read cookie or not.
References
Severity
Classification
-
CVE CVE-2014-100006 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Apache mod_proxy_ajp Information Disclosure Vulnerability
- Apache CouchDB Cross Site Request Forgery Vulnerability
- AN Guestbook Local File Inclusion Vulnerability