Sitecore CMS 'default.aspx' XSS

Medium severity. Nessus Plugin ID 55977

Synopsis

The remote web server contains an application that is affected by a cross-site scripting vulnerability.

Description

The remote host is running a version of Sitecore CMS that is reportedly affected by a cross-site scripting vulnerability. An attacker could exploit this to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.

Solution

Upgrade to Sitecore 6.0.2 rev.090507, also known as 6.0.2 Update-1, or newer.

See Also

http://www.nessus.org/u?e79083b7

http://www.nessus.org/u?b614d96a

Plugin Details

Severity: Medium

ID: 55977

File Name: sitecore_cms_default_aspx_xss.nasl

Version: 1.12

Type: remote

Published: 8/25/2011

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:sitecore:cms

Required KB Items: www/sitecore_cms

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 5/22/2009

Vulnerability Publication Date: 6/3/2009

Reference Information

CVE: CVE-2009-2163

BID: 44405

CWE: 79