vendor:
aBitWhizzy
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting, Directory-Traversal
79, 22
CWE
Product Name: aBitWhizzy
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE:
CPE:
Platforms Tested: Unknown
Unknown
aBitWhizzy Multiple Cross-Site Scripting and Directory-Traversal Vulnerabilities
aBitWhizzy is prone to multiple cross-site scripting and directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker could exploit these vulnerabilities to view the directory structure on the affected webserver and perform cross-site scripting attacks on unsuspecting users in the context of the affected website. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Mitigation:
Update to the latest version of aBitWhizzy which addresses these vulnerabilities. Avoid supplying untrusted input to the affected application.