Fantastico Cross-Site Scripting Vulnerabilities and Local File Include Vulnerability

Fantastico is prone to multiple cross-site scripting vulnerabilities and a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit the local file-include vulnerability to access potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer.

The attacker can exploit the cross-site scripting vulnerabilities to execute arbitrary script code within the context of the affected site and steal cookie-based authentication credentials.


Copyright 2010, SecurityFocus