SecurityHome.eu Security vulnerability: PHPMemcachedAdmin 1.2.2 Cross Site Scripting

Home / vulnerabilities PDF

PHPMemcachedAdmin 1.2.2 Cross Site Scripting
Posted on 13 November 2014
Source : packetstormsecurity.org Link

CVE-2014-8732
CVSSv2 Vector:
[AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C]
CVSSv2 Base Score=7.5
CVSSv2 Temp Score=7.5
OWASP Top 10 classification: A3 - Cross Site Scripting

There is a stored xss vulnerability in phpMemcachedAdmin. Most of the user-specified input fields which are displayed on several pages of the application aren't properly escaped (lack of output enconding).

All versions prior and including the current version 1.2.2 are affected as far as we know.

TOP

Malware :

Backdoor:Win32/Heloag.A
Exploit:Win32/CVE-2011-3402
Trojan:Win32/Obfac
Exploit:Win32/Pdfjsc.YP
TrojanDownloader:Win32/Bofang.B

Last 20

Exploits :

Relate Learning And Teaching System SSTI / Remote Code Execution
Flowise 1.6.5 Authentication Bypass
WordPress Background Image Cropper 1.2 Shell Upload
FlatPress 1.3 Shell Upload
Laravel Framework 11 Credential Disclosure

Last 20