
CJOverkill < 4.0.4 trade.php XSS

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote server runs CJOverkill, a free traffic trading script, at version 4.0.3 or older. The remote version of this software is vulnerable to a cross-site scripting attack.

As a result of this vulnerability, a remote attacker can create a malicious link containing script code that will be executed in the browser of an unsuspecting user who follows the link.

This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Solution

Upgrade to version 4.0.4 or higher.