mvnForum activatemember Multiple Parameter XSS

Severity: Low | Nessus Plugin ID 21757

Synopsis

The remote web server contains a Java application that is affected by several cross-site scripting issues.

Description

The remote host is running mvnForum, an open source, forum application based on Java J2EE.

The version of mvnForum installed on the remote host fails to sanitize user-supplied input to the 'activatecode' and 'member' parameters of the 'activatemember' script before using it to generate dynamic web content. Successful exploitation of this issue may lead to the execution of arbitrary HTML and script code in a user's browser within the security context of the affected application.

Solution

Unknown at this time.

See Also

http://pridels0.blogspot.com/2006/06/mvnforum-xss-vuln.html

Plugin Details

Severity: Low

ID: 21757

File Name: mvnforum_activatemember_xss.nasl

Version: 1.21

Type: remote

Published: 6/27/2006

Updated: 4/7/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:mvnforum:mvnforum

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 6/24/2006

Reference Information

CVE: CVE-2006-3245

BID: 18663

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990