Summary
This host is installed with PHP and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to latest version of PHP,
http://www.php.net/downloads.php
Insight
The flaw is due to an error in handling 'display_errors', when display_errors is set to on and html_errors is set to on.
Affected
PHP versions 5.3.10 and 5.4.0
Detection
Get the installed version of PHP with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Admidio get_file.php Remote File Disclosure Vulnerability
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities