Summary
The remote web server contains an ASP script which is vulnerable to a cross site scripting issue.
Description :
The remote host appears to be running the ASP-DEV XM Forum.
There is a flaw in the remote software which may allow anyone to inject arbitrary HTML and script code through the BBCode IMG tag to be executed in a user's browser within the context of the affected web site.
Solution
Unknown at this time.
Severity
Classification
-
CVE CVE-2005-1008 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Apache Subversion Module Metadata Accessible
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Apache Tomcat source.jsp malformed request information disclosure