ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities

Hacker Research Topics

web-security

ece_home_project

ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities

Exploit Title: ECE Projects /suchergebnis/? tx_solr[q] Parameter XSS (Cross-site Scripting) Security Vulnerabilities

Vendor: ECE Projektmanagement G.m.b.H. & Co. KG (ECE)

Product: ECE Projects

Vulnerable Versions:

Tested Version:

Advisory Publication: April 01, 2015

Latest Update: April 01, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Suggestion Details:



(1) Vendor & Product Description:

Vendor:

ECE Projektmanagement G.m.b.H. & Co. KG (ECE)

Product & Version:

All Projects – Shopping & Office, Traffic, Industries, Hotel, Residential

Vendor URL & download:

ECE Projects can be obtained from here,

http://www.ece.com/en/projects/all-projects/

Google Dork:

ECE Projektmanagement GmbH & Co. KG

Product Introduction Overview:

“ECE develops, builds, and manages large commercial properties in the business areas Shopping, Office, Traffic, and Industries…

View original post 403 more words

Advertisements
This entry was posted in Articles and tagged , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s