vendor:
LedNews
by:
SecurityFocus
7,5
CVSS
HIGH
Input Validation
20
CWE
Product Name: LedNews
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
LedNews Input Validation Vulnerability
LedNews is vulnerable to an input validation vulnerability which allows an attacker to steal authentication cookies or perform other nefarious activities. This is done by inserting a malicious script into a news post which redirects the user to a malicious website.
Mitigation:
Input validation should be performed on all user-supplied data to ensure that it does not contain malicious code.