Summary
The remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP.
This version has been reported prone to HTML injection vulnerabilities through 'index.php'. These issues present themself due to a lack of sufficient input validation performed on form fields used by PHPGroupWare modules.
A malicious attacker may inject arbitrary HTML and script code using these form fields that may be incorporated into dynamically generated web content.
Solution
Update to version 0.9.16 RC3 or newer
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2004-2574 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- An Image Gallery Directory Traversal Vulnerability
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities