Vendor: NetworX
by:
CVSS: 7.5 (HIGH)
Arbitrary File Upload, Cross-Site Scripting
CWE: 434, 79
Product Name: NetworX
Affected Version From: 1.0.3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Arbitrary File Upload and Cross-Site Scripting Vulnerabilities in SocialABC NetworX
The SocialABC NetworX application fails to properly sanitize user-supplied input, leading to an arbitrary file-upload vulnerability and a cross-site scripting vulnerability. Attackers can exploit these vulnerabilities to steal authentication information, execute client-side scripts, upload and execute arbitrary files on the web server, and launch other attacks.
Mitigation:
To mitigate these vulnerabilities, implement proper input validation and sanitization. Additionally, restrict file uploads to specific file types and validate them properly before execution. Apply regular security updates and patches to the application.