Nessus Plugin #11449
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
ezPublish Cross Site Scripting Bugs
- Family:
- CGI abuses : XSS
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2003 k-otik.com
- Summary:
- Determine if ezPublish is vulnerable to xss attack
- Version:
- $Revision: 1.11 $
- Cve_id:
- CAN-2003-0310
- Bugtraq_id:
- 7137, 7138
- Xrefs:
- -
- Description:
ezPublish 2.2.7 has a cross site scripting bug. An attacker may use it to
perform a cross site scripting attack on this host.
In addition to this, another flaw may allow an attacker store hostile
HTML code on the server side, which will be executed by the browser of the
administrative user when he looks at the server logs.
Solution : Upgrade to a newer version.
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.