Test ID:	1.3.6.1.4.1.25623.1.0.803316
Category:	Web application abuses
Title:	glFusion Multiple Cross-Site Scripting Vulnerabilities
Summary:	glFusion is prone to multiple cross-site scripting vulnerabilities.
Description:	Summary: glFusion is prone to multiple cross-site scripting vulnerabilities. Vulnerability Insight: The flaws are due - Insufficient filtration of user data in URL after '/admin/plugins/mediagallery/xppubwiz.php' - Insufficient filtration of user data passed to '/profiles.php', '/calendar/index.php' and '/links/index.php' via following parameters, 'subject', 'title', 'url', 'address1', 'address2', 'calendar_type', 'city', 'state', 'title', 'url', 'zipcode'. Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code in the browser to steal cookie-based authentication credentials and launch other attacks. Affected Software/OS: glFusion version 1.2.2 and prior Solution: Upgrade to the latest version of glFusion 1.2.2.pl4 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1466 Bugtraq: 20130220 Multiple Cross-Site Scripting (XSS) in glFusion (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html http://www.exploit-db.com/exploits/24536 http://packetstormsecurity.com/files/120423/glFusion-1.2.2-Cross-Site-Scripting.html https://www.htbridge.com/advisory/HTB23142 http://secunia.com/advisories/52255 XForce ISS Database: glfusion-multiple-xss(82211) https://exchange.xforce.ibmcloud.com/vulnerabilities/82211
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.