Cross-site Scripting (XSS) is a client-side code injection attack where, an attacker can execute malicious scripts into a website or web application. Stored Cross-Site Scripting affects the web applications that allows users to store data. This action can potentially expose the users to this type of attack. This server allows unauthenticated remote attackers to conduct stored cross site scripting attacks due to improper validation of user supplied input with overly large comment text by the affected software.A successful exploit could allow the attacker to execute arbitrary script and access sensitive browser based information such as authentication cookies which could be used to launch further attacks.
Impact
The attacker can do the following impacts:-
- Execute malicious code
- Unstable the web application
Mitigation / Precaution
This vulnerability can be fixed by:-
- Applying the appropriate updates.
- Applying Snort SID 34328 to help prevent attacks.
- Implementing an intrusion prevention system or intrusion detection system to detect and prevent attacks.
