Summary
The remote web server contains a PHP application that is prone to cross-site scripting attacks.
Description :
According to its banner, the remote version of PunBB is vulnerable to cross-site scripting flaws because the application does not validate URL and quote tags. With a specially-crafted URL, an attacker may be able to inject arbitrary HTML and script code into a user's browser, resulting in a loss of integrity.
Solution
Upgrade to PunBB version 1.1.5 or later.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
- Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
- Apache Archiva Home Page Cross-Site Scripting vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities