Siteframe search.php searchfor Parameter XSS

medium Nessus Plugin ID 11448

Synopsis

The remote web server is affected by a cross-site scripting vulnerability.

Description

Siteframe 2.2.4 is affected by a cross-site scripting flaw in the searchfor parameter of search.php. An attacker may use it to perform a cross-site scripting attack on this host.

In addition to this, another flaw in this package may allow an attacker to obtain the physical path to the remote web root.

Solution

Upgrade to a newer version.

Plugin Details

Severity: Medium

ID: 11448

File Name: siteframe_xss.nasl

Version: 1.35

Type: remote

Published: 3/23/2003

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: www/PHP, Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7140, 7143

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990