VULHUB ™

It is reported that Groupmax World Wide Web is susceptible to both a cross-site scripting vulnerability and a directory traversal vulnerability. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied input. The cross-site scripting issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. The directory traversal vulnerability allows remote attackers to retrieve the contents of potentially sensitive files with the privileges of the web server. Reportedly, only files with an 'html' extension are retrievable. Both of these vulnerabilities reportedly require attackers to successfully authenticate to the server prior to exploitation.

It is reported that Groupmax World Wide Web is susceptible to both a cross-site scripting vulnerability and a directory traversal vulnerability. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied input. The cross-site scripting issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. The directory traversal vulnerability allows remote attackers to retrieve the contents of potentially sensitive files with the privileges of the web server. Reportedly, only files with an 'html' extension are retrievable. Both of these vulnerabilities reportedly require attackers to successfully authenticate to the server prior to exploitation.