Summary
The remote web server contains a PHP script which is vulnerable to a cross site scripting issue.
Description :
The remote host appears to be running BasiliX version 1.1.1 or lower. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary Javascript code simply by reading a MIME message with a specially crafted Content-Type header.
Solution
Upgrade to BasiliX version 1.1.1 fix1 or later.
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Apache Struts Cross Site Scripting Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness