FreeBSD : MT -- Search Unspecified XSS (350a5bd9-520b-11db-8f1a-000a48049292)

medium Nessus Plugin ID 22499

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Secunia reports:

Arai has reported a vulnerability in Movable Type and Movable Type Enterprise, which can be exploited by malicious people to conduct cross-site scripting attacks.

Some unspecified input passed via the search functionality isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?af916c6d

http://www.nessus.org/u?01761385

Plugin Details

Severity: Medium

ID: 22499

File Name: freebsd_pkg_350a5bd9520b11db8f1a000a48049292.nasl

Version: 1.16

Type: local

Published: 10/5/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mt, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/2/2006

Vulnerability Publication Date: 9/26/2006

Reference Information

CVE: CVE-2006-5080

BID: 20228

CWE: 79

Secunia: 22109