Overview
pd-admin, a web interface for users of hosting providers, is susceptible to cross-site scripting (XSS) vulnerabilities.
Description
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') pd-admin, contains cross-site scripting (XSS) vulnerabilities. |
Impact
An attacker may be able to exploit the cross-site scripting vulnerability to result in information leakage, privilege escalation, and/or denial of service on the host computer. |
Solution
Apply an Update |
Restrict access |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Temporal | 3.9 | E:ND/RL:U/RC:UC |
Environmental | 2.9 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to Thomas Roth for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
CVE IDs: | CVE-2013-0129 |
Date Public: | 2013-03-08 |
Date First Published: | 2013-04-15 |
Date Last Updated: | 2013-04-15 20:11 UTC |
Document Revision: | 18 |