|
|
Info |
Last Modified |
| 2 months ago |
|
|
Keywords |
Silva CMS, XSS, cross-site scripting
|
|
Description |
(Description provided by CVE): Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the fulltext parameter.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Solution:
Upgrade
OSVDB:
Web Related
|
|
Technical |
Silva CMS SilvaFind 1.1.5 and earlier contains a flaw that allows a remote cross-site scripting (XSS) attack. SilvaFind is a Silva extension offering a highly customizable search solution for use with Silva.
The flaw exists because the search script does not properly sanitize input passed in the "fulltext" variable upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
The vulnerability is reported in Silva Find version 1.1.5 and prior, as included in Silva versions prior to 2.1.0.2, 2.0.12.2, and 1.6.3.2.
|
|
Solution |
Upgrade to version 2.1.0.2, 2.0.12.2, 1.6.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
Unknown or Incomplete
|
|
Credit |
- Russ McRee - holisticinfosec.org