source: https://www.securityfocus.com/bid/10622/info

PowerPortal is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application:

PowerPortal is prone to multiple cross-site scripting vulnerabilities. These cross-site scripting issues can permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the Web browser of the victim computer. This attack can allow for theft of cookie-based authentication credentials and other attacks.

Additionally, PowerPortal is prone to an information disclosure vulnerability. It is reported that a remote attacker may reveal directory listings by supplying directory traversal sequences to the 'modules.php' script.

The information disclosure vulnerability may be employed by the attacker in order to reveal potentially sensitive information regarding the layout of the filesystem on the affected computer.

http://www.example.com/modules.php?name=gallery&files=/../../../
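
A server-side containment check for the 'files' parameter shown above, as an added example that is not PowerPortal's code and not part of the original advisory. The function name resolve_gallery_dir, the temporary demo directory and the sample values are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from PowerPortal.

/**
 * Resolve a user-supplied "files" value to a directory inside $root.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolve_gallery_dir(string $root, string $requested): ?string
{
    // Refuse NUL bytes before touching the filesystem.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null; // misconfigured root: fail closed
    }
    // realpath() collapses "..", "." and symlinks, and returns false
    // when the resulting path does not exist.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Compare against the root plus a trailing separator so that a sibling
    // such as "/gallery_private" is not accepted as being under "/gallery".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $rootReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a throwaway gallery root with one album directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gallery_demo_' . getmypid();
mkdir($root . DIRECTORY_SEPARATOR . 'holiday', 0700, true);

// 'holiday' and '' stay inside the root; the other two values climb out of it.
foreach (['holiday', '', '/../../../', 'holiday/../..'] as $value) {
    $dir = resolve_gallery_dir($root, $value);
    printf("files=%-16s => %s\n", var_export($value, true),
        $dir === null ? 'refused' : 'allowed');
}

rmdir($root . DIRECTORY_SEPARATOR . 'holiday');
rmdir($root);
```

The check is applied to the canonical path after resolution rather than to the raw string, so it does not depend on recognising any particular spelling of the traversal sequence.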