vendor:
Ripe Website Manager
by:
7.5
CVSS
HIGH
Cross-Site Scripting, SQL Injection
79, 89
CWE
Product Name: Ripe Website Manager
Affected Version From: 1.1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Ripe Website Manager Cross-Site Scripting and SQL Injection Vulnerabilities
Ripe Website Manager is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mitigation:
To mitigate these vulnerabilities, it is recommended to sanitize all user-supplied data before using it in SQL queries or outputting it to web pages.
