BasiliX Content-Type XSS Vulnerability Network Vulnerability

Summary

The remote web server contains a PHP script which is vulnerable to a cross site scripting issue. Description : The remote host appears to be running BasiliX version 1.1.1 or lower. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary Javascript code simply by reading a MIME message with a specially crafted Content-Type header.

Solution

Upgrade to BasiliX version 1.1.1 fix1 or later.

References

http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
Apache Struts2 'XWork' Information Disclosure Vulnerability
Afian 'includer.php' Directory Traversal Vulnerability
Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
Apache ActiveMQ Source Code Information Disclosure Vulnerability

Take action and discover your vulnerabilities