vendor:
Banana Dance
by:
SecurityFocus
7,5
CVSS
HIGH
Cross-Site Scripting and SQL Injection
79, 89
CWE
Product Name: Banana Dance
Affected Version From: B.2.1
Affected Version To: B.2.1
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
Banana Dance Cross-Site Scripting and SQL Injection Vulnerabilities
Banana Dance is prone to cross-site-scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to execute unintended commands or queries. It is also important to keep applications updated with the latest security patches.
