Test ID:	1.3.6.1.4.1.25623.1.0.804876
Category:	Web application abuses
Title:	Quixplorer Multiple Vulnerabilities (Nov 2014)
Summary:	Quixplorer is prone to multiple vulnerabilities.
Description:	Summary: Quixplorer is prone to multiple vulnerabilities. Vulnerability Insight: Multiple errors exist as the input passed via the 'dir', 'item', 'order', 'searchitem', 'selitems[]', and 'srt' parameters is not validated upon submission to the /quixplorer/src/index.php script. Vulnerability Impact: Successful exploitation will allow remote attackers to gain access to arbitrary files and execute arbitrary script code in a user's browser within the trust relationship between user's browser and the server. Affected Software/OS: Quixplorer version 2.5.4 and prior. Solution: Upgrade to Quixplorer version 2.5.5 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1641 https://github.com/realtimeprojects/quixplorer https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-030.txt http://secunia.com/advisories/55725 XForce ISS Database: quixplorer-cve20131641-dir-traversal(89059) https://exchange.xforce.ibmcloud.com/vulnerabilities/89059 Common Vulnerability Exposure (CVE) ID: CVE-2013-1642 https://exchange.xforce.ibmcloud.com/vulnerabilities/89056
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.