vendor: OpenWFE
by:
CVSS: 7.5 (HIGH)
Cross-Site Scripting and Connection Proxy
CWE: Cross-Site Scripting (XSS) and Improper Access Control
Product Name: OpenWFE
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
OpenWFE Cross-Site Scripting and Connection Proxy Vulnerability
The OpenWFE application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this to steal authentication credentials and execute malicious code in a user's browser. OpenWFE is also affected by a connection proxy vulnerability that allows anonymous scanning of network computers.
Mitigation:
To mitigate the cross-site scripting vulnerability, implement proper input sanitization and validation mechanisms. OpenWFE should also address the connection proxy vulnerability by implementing proper access controls and authentication mechanisms.