Cross site scripting

2006-03-2011:02:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report.

CPENameOperatorVersion
webcheckeq1.9.3
webcheckeq1.9.2
webcheckeq1.9.1
webcheckle1.9.5
webcheckeq1.9.4
webcheckeq1.9.0

Name	Operator	Version
webcheck	eq	1.9.3
webcheck	eq	1.9.2
webcheck	eq	1.9.1
webcheck	le	1.9.5
webcheck	eq	1.9.4
webcheck	eq	1.9.0

References

ch.tudelft.nl/~arthur/webcheck/news.html

secunia.com/advisories/19309

www.securityfocus.com/bid/17212

exchange.xforce.ibmcloud.com/vulnerabilities/25428