Test ID:	1.3.6.1.4.1.25623.1.0.803625
Category:	Web application abuses
Title:	Wonderdesk SQL Multiple Cross-Site Scripting (XSS) Vulnerabilities
Summary:	Wonderdesk SQL is prone to multiple cross-site scripting vulnerabilities.
Description:	Summary: Wonderdesk SQL is prone to multiple cross-site scripting vulnerabilities. Vulnerability Insight: Multiple flaws due to: - Improper sanitization of 'cus_email' parameter to wonderdesk.cgi when 'do' is set to 'cust_lostpw'. - Improper sanitization of 'help_name', 'help_email', 'help_website', and 'help_example_url' parameters to wonderdesk.cgi when 'do' is set to 'hd_modify_record'. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in context of an affected site and launch other attacks. Affected Software/OS: Wonderdesk version 4.14, other versions may also be affected Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1788 BugTraq ID: 52193 http://www.securityfocus.com/bid/52193 http://packetstormsecurity.org/files/110224/WonderDesk-Cross-Site-Scripting.html http://st2tea.blogspot.com/2012/02/wonderdesk-cross-site-scripting.html http://osvdb.org/79647 http://secunia.com/advisories/48167 XForce ISS Database: wonderdesk-wonderdesk-xss(73502) https://exchange.xforce.ibmcloud.com/vulnerabilities/73502
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.