Summary
The remote host runs PWSPHP (Portail Web System) a CMS written in PHP.
The remote version of this software is vulnerable to cross-site scripting attack due to a lack of sanity checks on the 'skin' parameter in the script SettingsBase.php.
With a specially crafted URL, an attacker could use the remote server to set up a cross site script attack.
Solution
Upgrade to version 1.2.3 or newer
Severity
Classification
-
CVE CVE-2005-1508 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Struts2 showcase namespace XSS Vulnerability
- Admidio get_file.php Remote File Disclosure Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Apache Tomcat Directory Listing and File disclosure