 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.900939 |
| Category: | Web application abuses |
| Title: | ELOG Logbook XSS Vulnerability |
| Summary: | ELOG is prone to a cross-site scripting (XSS) vulnerability. |
| Description: | Summary: ELOG is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: An error occurs while processing malicious user supplied data passed into the 'logbook' module and can be exploited to inject arbitrary HTML and script code in the context of the affected application. Vulnerability Impact: Attackers can exploit this issue to steal cookie-based authentication credentials by conducting Cross-Site Scripting attacks on the affected system. Affected Software/OS: ELOG versions prior to 2.7.2. Solution: Upgrade ELOG Version to 2.7.2 or later. Please see the references for more info. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-7206 BugTraq ID: 27526 http://www.securityfocus.com/bid/27526 http://osvdb.org/41685 XForce ISS Database: elog-logbook-xss(40124) https://exchange.xforce.ibmcloud.com/vulnerabilities/40124 |
| Copyright | Copyright (C) 2009 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |