28 XSS Vulnerabilities

Jun 24, 2008

Acunetix says my site has 28 XSS vulnerabilities?

For example, it says calendar.pl is vulnerable and it was able to set a JavaScript alert as the variable calendar_view.

How can I fix this?

Vulnerability description

This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.

Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user. A browser executes the script in the user context, allowing the attacker to access any cookies or session tokens retained by the browser.

This vulnerability affects /cgi-bin/calendar.pl.

The impact of this vulnerability

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application.

Attack details

The POST variable calendar_view has been set to >"><ScRiPt%20%0a%0d>alert(398096611151)%3B</ScRiPt>.


Bind 9 Vulnerabilities

Jul 29, 2009

[url]

Upgrade if this affects you.


Cacti Command Execution And SQL Injection Vulnerabilities

Jan 14, 2007

Cacti version 0.8.6i has a vulnerability: [url]

Solution: [url]


Security Vulnerabilities Found In HyperVM And LXadmin/Kloxo

Jun 6, 2009

Just got this email

Quote:

Dear Customers,

Multiple security vulnerabilities were discovered in hyperVM and Lxadmin/Kloxo. It is recommended that you update your hyperVM/Kloxo systems to the latest version, as soon as possible.

Details of the vulnerabilities will be posted in the coming days in our forum.

On hyperVM or Kloxo master, run:

/script/upcp

Lxlabs Support Team


How To Secure And Harden CentOS Linux Server From Vulnerabilities & Threats, Attacks

Jul 28, 2009

How can I secure my server from vulnerabilities, threats and DDoS attacks? How can I find out whether my server is compromised or hacked?

Which ports should I check, and what commands should I run at the shell prompt? Which software would you recommend?

Copyrights 2005-15 www.BigResource.com, All rights reserved