FlashCanvas <
PVS ID: 8110 FAMILY: Web Servers RISK: MEDIUM NESSUS ID: Not Available
Description: Synopsis:

The remote host is running a vulnerable version of FlashCanvas.

FlashCanvas 1.5 and possibly earlier versions are vulnerable to a reflected cross-site scripting (XSS) flaw caused by a lack of input validation of the Referer header when it is submitted to the proxy.php script. An attacker could leverage this to execute arbitrary code in the user's browser within the security context of the browser and the server.

Solution: Upgrade to FlashCanvas Pro 1.6 or later. The vendor also advises removing proxy.php from the web directory if upgrading is not possible.

CVE-2013-6880


Copyright Tenable Network Security Inc. 2014