Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.900939
Category:Web application abuses
Title:ELOG Logbook Cross Site Scripting Vulnerability
Summary:This host has ELOG installed and is prone to cross-site; scripting vulnerability.
Description:Summary:
This host has ELOG installed and is prone to cross-site
scripting vulnerability.

Vulnerability Insight:
An error occurs while processing malicious user supplied data passed into
the 'logbook' module and can be exploited to inject arbitrary HTML and
script code in the context of the affected application.

Vulnerability Impact:
Attackers can exploit this issue to steal cookie-based authentication
credentials by conducting Cross-Site Scripting attacks on the affected system.

Affected Software/OS:
ELOG versions prior to 2.7.2.

Solution:
Upgrade ELOG Version to 2.7.2 or later. Please see the
references for more info.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: BugTraq ID: 27526
Common Vulnerability Exposure (CVE) ID: CVE-2008-7206
http://www.securityfocus.com/bid/27526
http://osvdb.org/41685
XForce ISS Database: elog-logbook-xss(40124)
https://exchange.xforce.ibmcloud.com/vulnerabilities/40124
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.