PHPMemcachedAdmin 1.2.2 Cross Site Scripting

2014.11.13

Credit: Anonymous

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2014-8732

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

CVE-2014-8732
CVSSv2 Vector:
[AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C]
CVSSv2 Base Score=7.5
CVSSv2 Temp Score=7.5
OWASP Top 10 classification: A3 - Cross Site Scripting
There is a stored xss vulnerability in phpMemcachedAdmin. Most of the user-specified input fields which are displayed on several pages of the application aren't properly escaped (lack of output enconding).
All versions prior and including the current version 1.2.2 are affected as far as we know.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHPMemcachedAdmin 1.2.2 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.