Test Kennung:	1.3.6.1.4.1.25623.1.0.902844
Kategorie:	Web Servers
Titel:	Oracle iPlanet Web Server Multiple XSS Vulnerabilities (cpuapr2012)
Zusammenfassung:	Oracle iPlanet Web Server is prone to multiple cross-site; scripting (XSS) vulnerabilities.
Beschreibung:	Summary: Oracle iPlanet Web Server is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The following flaws exist: - Input passed via the 'helpLogoWidth' and 'helpLogoHeight' parameters to admingui/cchelp2/Masthead.jsp (when 'mastheadTitle' is set) and the 'productNameSrc', 'productNameHeight', and 'productNameWidth' parameters to admingui/version/Masthead.jsp is not properly sanitised before being returned to the user. - Input passed via the 'appName' and 'pathPrefix' parameters to admingui/cchelp2/Navigator.jsp is not properly sanitised before being returned to the user. Vulnerability Impact: Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Affected Software/OS: Oracle iPlanet Web Server 7.0. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0516 BugTraq ID: 53133 http://www.securityfocus.com/bid/53133 http://seclists.org/fulldisclosure/2020/May/31 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.securitytracker.com/id?1026951
Copyright	Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.