Full title: SiteVision 4.x / 5.x Insufficient Module Access Control Vulnerability 
Category: web applications
Platform: jsp
SiteVision suffers from an issue where attacker may inject non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.

# 0day.today @ http://0day.today/