Summary
The remote web server contains a CGI which is vulnerable to a cross site scripting vulnerability.
Description :
The remote host seems to be running BreakCalendar, a web based calendar.
The remote version of this software is vulnerable to cross site scripting vulnerability which may allow an attacker to use the remote host to perform attacks against third party users.
Solution
Update or disable this CGI suite
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- /doc directory browsable ?
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability