Vendor: Batavi
By:
CVSS: 5.5 (MEDIUM)
Vulnerability Type: Local File-Include, Cross-Site Scripting
CWE: 22
Product Name: Batavi
Affected Version From: 1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Multiple Local File-Include and Cross-Site Scripting Vulnerabilities in Batavi
Batavi is prone to multiple local file-include and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view and execute local files within the context of the affected application. The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Mitigation:
To mitigate these vulnerabilities, it is recommended to sanitize user-supplied input properly to prevent directory-traversal attacks and implement input validation and output encoding to prevent cross-site scripting attacks.
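The following is an added illustration of the two mitigations named above and is not Batavi's own code (the page does not show the affected code, so the template directory, file extension, parameter names and the choice of Python are assumptions for the demo). It shows a file-include resolver that allowlists the name, canonicalises the path and checks it stays under the template directory, and an HTML renderer that encodes user text before reflecting it.

```python
"""Defensive handling of a user-supplied page name (CWE-22) and of user-supplied
text reflected into HTML (cross-site scripting).

Added illustration for this advisory; not Batavi's code. The directory layout,
extension and function names are assumptions made for the demo.
"""
import html
import os
import re
import tempfile
from typing import Dict, Optional

# Allowlist: only plain file names are even considered. Note that ".." still
# matches this pattern, which is why the canonical-path check below is kept
# as a second layer rather than trusting the regex alone.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def resolve_include(base_dir: str, requested: str, allowed_ext: str = ".tpl") -> Optional[str]:
    """Return the canonical path of `requested` inside `base_dir`, or None.

    None is returned when the name fails the allowlist, when the resolved path
    would escape `base_dir` (traversal or a symlink pointing outside), when the
    extension is not the expected one, or when the file does not exist.
    """
    if not SAFE_NAME.fullmatch(requested):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # The separator is part of the prefix so that "/templates-evil" is not
    # accepted as lying under "/templates".
    if not candidate.startswith(base + os.sep):
        return None
    if not candidate.endswith(allowed_ext) or not os.path.isfile(candidate):
        return None
    return candidate


def render_greeting(name: str) -> str:
    """Reflect user-controlled text into an HTML element body with output encoding.

    html.escape with quote=True converts <, >, &, " and ' so the text cannot
    terminate the element or introduce markup.
    """
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def demo() -> Dict[str, bool]:
    """Exercise the resolver against constructed inputs in a throwaway directory.

    Returns a mapping from requested name to whether the resolver behaved as
    intended (accepted the legitimate template, rejected everything else).
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "templates")
        os.mkdir(base)
        with open(os.path.join(base, "home.tpl"), "w", encoding="utf-8") as fh:
            fh.write("<h1>Home</h1>")
        # A file outside the template directory that must never be reachable.
        with open(os.path.join(tmp, "outside.txt"), "w", encoding="utf-8") as fh:
            fh.write("not a template")
        return {
            "home.tpl": resolve_include(base, "home.tpl") is not None,
            "..": resolve_include(base, "..") is None,
            "../outside.txt": resolve_include(base, "../outside.txt") is None,
            "outside.txt": resolve_include(base, "outside.txt") is None,
            "missing.tpl": resolve_include(base, "missing.tpl") is None,
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name!r}: {'ok' if ok else 'FAIL'}")
    print(render_greeting('<script>alert(1)</script>'))
```

The resolver deliberately does not try to strip traversal sequences out of the input; rejecting anything that is not a plain allowlisted name and then verifying the canonical path is simpler and does not depend on anticipating every encoding of `../`. For the XSS side, the encoding has to match the output context: `html.escape` is correct for element bodies and quoted attribute values, while text placed inside script blocks or URLs needs a different encoder.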