Test ID:	1.3.6.1.4.1.25623.1.0.801911
Category:	Web application abuses
Title:	AR Web Content Manager (AWCM) 'search.php' Cross Site Scripting Vulnerability
Summary:	AR Web Content Manager (AWCM) is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: AR Web Content Manager (AWCM) is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: Input passed via the 'search' parameter in 'search' action in search.php is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentication credentials and launch further attacks. Vulnerability Impact: Successful exploitation could allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application. Affected Software/OS: AWCM CMS version 2.2 and prior Solution: Apply the patch from below link. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1668 BugTraq ID: 47126 http://www.securityfocus.com/bid/47126 Bugtraq: 20110401 AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability (Google Search) http://www.securityfocus.com/archive/1/517294/100/0/threaded http://secpod.org/advisories/SECPOD_AWCM_XSS.txt http://securityreason.com/securityalert/8193 XForce ISS Database: arwebcontentmanager-search-xss(66536) https://exchange.xforce.ibmcloud.com/vulnerabilities/66536
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.