Habari Multiple Vulnerabilities

Summary
This host is running Habari and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and determine the full path to the web root directory and other potentially sensitive information. Impact Level: Application.
Solution
Upgrade to Habari version 0.6.6 or later. For updates, refer to http://habariproject.org/en/download
Insight
The flaws are due to:
- Input passed to the 'additem_form' parameter in 'system/admin/dash_additem.php' and the 'status_data[]' parameter in 'system/admin/dash_status.php' is not properly sanitised before being returned to the user.
- An error in the '/system/admin/header.php' and '/system/admin/comments_items.php' scripts, which generate an error message that reveals the full path of the script.
Affected
Habari version 0.6.5