vendor:
Chimera Web Portal
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-site Scripting and SQL Injection
79, 89
CWE
Product Name: Chimera Web Portal
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
Chimera Web Portal Multiple Input Validation Vulnerabilities
Chimera Web Portal is prone to multiple input validation vulnerabilities. The issues include cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.
Mitigation:
Input validation should be used to detect unauthorized input before it is processed by the application. Sanitize all user-supplied input to prevent malicious code from being executed.
