Summary
The remote web server contains PHP scripts that are prone to cross-site scripting attacks.
Description
The remote host appears to be running BasiliX version 1.1.0 or lower. Such versions are vulnerable to cross-site scripting attacks because they do not filter HTML tags when displaying a message. As a result, an attacker can include arbitrary HTML and script code in a message and have that code executed by the user's browser when the message is viewed.
Solution
Upgrade to BasiliX version 1.1.1 or later.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2002-1708
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- Apache Tomcat DOS Device Name XSS