Summary
The remote web server contains a PHP application that is prone to cross-site scripting attacks.
Description :
According to its banner, the remote version of PunBB is vulnerable to cross-site scripting flaws because the application does not validate URL and quote tags. With a specially-crafted URL, an attacker may be able to inject arbitrary HTML and script code into a user's browser, resulting in a loss of integrity.
Solution
Upgrade to PunBB version 1.1.5 or later.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness
- Apache Open For Business HTML injection vulnerability
- Apache CouchDB Cross Site Request Forgery Vulnerability
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities