HTTP.UserAgent.HTML.Injection
Description
A vulnerability has been identified in ReloadCMS, which may be exploited by attackers to execute arbitrary scripting code. This flaw is due to an input validation error in the administrative interface that does not validate the "User-Agent" header before it is displayed by the statistics module, which could be exploited by attackers to cause arbitrary scripting code to be executed by the administrator's browser in the security context of an affected Web site.
Affected Products
ReloadCMS version 1.2.5 and prior
Impact
HTML or php code injection.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |