Alias(es)ReloadCMS.UserAgent.HTML.Injection |
Release DateFeb 02, 2007 |
Severitylow |
ImpactHTML or php code injection. |
DescriptionA vulnerability has been identified in ReloadCMS, which may be exploited by attackers to execute arbitrary scripting code. This flaw is due to an input validation error in the administrative interface that does not validate the "User-Agent" header before it is displayed by the statistics module, which could be exploited by attackers to cause arbitrary scripting code to be executed by the administrator's browser in the security context of an affected Web site. |
Affected ProductsReloadCMS version 1.2.5 and prior |
Recommended ActionsCurrently we are not aware of any vendor-supplied patches for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-1645 |
Reference/shttp://www.securityfocus.com/bid/17353 (BugTraq) |
