vendor:
GL-SH Deaf Forum
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting and Arbitrary File Upload
79
CWE
Product Name: GL-SH Deaf Forum
Affected Version From: 6.5.2005
Affected Version To: 6.5.2005
Patch Exists: YES
Related CWE: N/A
CPE: a:gl-sh:gl-sh_deaf_forum
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
GL-SH Deaf Forum Cross-Site Scripting and Arbitrary File Upload Vulnerabilities
GL-SH Deaf Forum is prone to a cross-site scripting vulnerability and an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The attacker can exploit the file-upload issue to execute arbitrary code in the context of the webserver.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized.
