vendor:
Bonsai Tool
by:
SecurityFocus
7.5
CVSS
HIGH
Cross Site Scripting
79
CWE
Product Name: Bonsai Tool
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Multiple Cross Site Scripting Vulnerabilities in Bonsai Tool
Multiple cross site scripting vulnerabilities have been reported for the Bonsai tool. An attacker may exploit this vulnerability by causing a victim user to follow a malicious link. Attacker-supplied code may execute within the context of the site hosting the vulnerable software when the malicious link is visited. This type of vulnerability may be used to steal cookies or perform other web-based attacks. It may be possible to take actions as an user of the Bonsai system.
Mitigation:
Input validation should be used to prevent malicious code from being executed.
