|HIO-2008-1027 Silva CMS SilvaFind 1.1.3 XSS|
Cross-site scripting occurs where the "fulltext" variable doesn't properly sanitize input upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
The vulnerability is reported in Silva Find version 1.1.5 and prior included in Silva prior to 18.104.22.168, 22.214.171.124, and 126.96.36.199.
Vendor Solution: Update to version 188.8.131.52, 184.108.40.206, or 220.127.116.11.
|< Prev||Next >|