appRain CMF Cross Site Scripting and SQL Injection Vulnerabilities

appRain CMF is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

appRain CMF 0.1.5 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus