Vulnerability   
Search   
    Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.103432
Category:Web application abuses
Title:webgrind 'dataFile' Parameter Cross Site Scripting Vulnerability
Summary:webgrind is prone to a cross-site scripting vulnerability because it;fails to properly sanitize user-supplied input.
Description:Summary:
webgrind is prone to a cross-site scripting vulnerability because it
fails to properly sanitize user-supplied input.

Vulnerability Impact:
An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected
site. This may allow the attacker to steal cookie-based authentication
credentials and launch other attacks.

Affected Software/OS:
webgrind 1.0 is vulnerable, other versions my also be affected.

Solution:
The vendor released an update. Please see the references for details.

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N

CopyrightCopyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2025 E-Soft Inc. All rights reserved.