Eva.Web.Index.PHP3.File.Inclusion
Description
This indicates a vulnerability in EVA-Web. It allows remote attackers to conduct cross-site scripting attacks via invalid "perso" or "aide" parameters .
Affected Products
SPIP-Education EVA-Web 2.1.2
SPIP-Education EVA-Web 2.2
SPIP-Education EVA-Web 2.1
SPIP-Education EVA-Web 2.0
Impact
Cross site scripting.
Recommended Actions
Currently we are not aware of any official fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |