vendor:
Flash Tag Cloud, MT-Cumulus Plugin
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Flash Tag Cloud, MT-Cumulus Plugin
Affected Version From: Flash Tag Cloud For MT 4
Affected Version To: MT-Cumulus 1.02 and prior versions
Patch Exists: NO
Related CWE: Unknown
CPE: a:flash_tag_cloud:flash_tag_cloud::mt_4 cpe:/a:mt-cumulus:mt-cumulus:1.02
Platforms Tested:
Unknown
Flash Tag Cloud widget and MT-Cumulus Plugin Cross-Site Scripting Vulnerability
The Flash Tag Cloud widget and the MT-Cumulus Plugin are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks.
Mitigation:
To mitigate this vulnerability, it is recommended to update the Flash Tag Cloud widget and the MT-Cumulus Plugin to the latest version. Additionally, input sanitization should be implemented to prevent cross-site scripting attacks.
