Test ID:	1.3.6.1.4.1.25623.1.0.803961
Category:	Web application abuses
Title:	BoltWire <= 3.5 Multiple XSS Vulnerabilities
Summary:	BoltWire is prone to multiple cross-site scripting (XSS); vulnerabilities.
Description:	Summary: BoltWire is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: An error exists in the index.php script which fails to properly sanitize user-supplied input to 'p' and 'content' parameter before using. Vulnerability Impact: Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials. Affected Software/OS: BoltWire version 3.5 and earlier. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2651 Bugtraq: 20131009 [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5 (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html http://packetstormsecurity.com/files/123558 XForce ISS Database: boltwire-cve20132651-xss(87809) https://exchange.xforce.ibmcloud.com/vulnerabilities/87809
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.