HTTP.UserAgent.HTML.Injection

description-logoDescription

A vulnerability has been identified in ReloadCMS, which may be exploited by attackers to execute arbitrary scripting code. This flaw is due to an input validation error in the administrative interface that does not validate the "User-Agent" header before it is displayed by the statistics module, which could be exploited by attackers to cause arbitrary scripting code to be executed by the administrator's browser in the security context of an affected Web site.

affected-products-logoAffected Products

ReloadCMS version 1.2.5 and prior

Impact logoImpact

HTML or php code injection.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)