Summary
XODA is prone to an arbitrary file-upload vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker could exploit these issues to execute arbitrary script code in a user's browser in the context of the affected site or execute arbitrary code on the server.
XODA 0.4.5 is vulnerable; other versions may also be affected.
Updated on 2015-03-25
Severity
CVSS Base Score: 9.7
CVSS Base Vector: AV:N/AC:L/Au:N/C:C/I:C/A:P
Related Vulnerabilities
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- Apache Tomcat AJP Protocol Security Bypass Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
- Artifectx xClassified 'catid' SQL Injection Vulnerability
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability