Intrusion Prevention

HTTP.UserAgent.HTML.Injection

Description

A vulnerability has been identified in ReloadCMS that attackers may exploit to execute arbitrary scripting code. The flaw is an input validation error in the administrative interface, which does not validate the "User-Agent" header before the statistics module displays it. An attacker could use this to cause arbitrary scripting code to be executed by the administrator's browser in the security context of an affected Web site.

Affected Products

ReloadCMS version 1.2.5 and prior

Impact

HTML or PHP code injection.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
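
In the absence of a patch, the following added example (not ReloadCMS code and not the logic of this signature) shows two defensive checks in Python: flagging access-log entries whose User-Agent carries markup, and HTML-encoding the header when a statistics page displays it. The log lines are constructed samples in Combined Log Format, and the function names are hypothetical.

```python
import html
import re

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?:[^"\\]|\\.)*" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)

# A tag, comment or PHP opener ("<x", "</x", "<!", "<?"), raw or percent-encoded.
# Heuristic only: legitimate User-Agent strings do not normally contain these.
MARKUP_RE = re.compile(r'(?:<|%3c)\s*[/!?a-z]', re.IGNORECASE)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2006:10:12:01 +0000] "GET /index.php HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"',
    '198.51.100.7 - - [05/Apr/2006:10:13:44 +0000] "GET /index.php HTTP/1.1" 200 5120 '
    '"-" "<script>alert(1)</script>"',
    '198.51.100.9 - - [05/Apr/2006:10:14:02 +0000] "GET / HTTP/1.1" 200 5120 '
    '"-" "<?php echo 1; ?>"',
]


def suspicious_user_agents(lines):
    """Return (ip, user_agent) for each log line whose User-Agent carries markup."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and MARKUP_RE.search(m.group("ua")):
            hits.append((m.group("ip"), m.group("ua")))
    return hits


def render_stats_row(user_agent):
    """Encode the header at output time so the browser renders it as text."""
    return "<td>" + html.escape(user_agent, quote=True) + "</td>"


if __name__ == "__main__":
    for ip, ua in suspicious_user_agents(SAMPLE_LOG):
        print(ip, "->", render_stats_row(ua))
```

The log check only surfaces requests worth reviewing; encoding the value where it is displayed is what stops the browser from interpreting it.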

CVE References

CVE-2006-1645