Summary
The remote host contains a PHP script that is vulnerable to cross-site scripting attacks.
Description
The remote host appears to be running ZeroBlog.
A vulnerability was identified in ZeroBlog that remote attackers may exploit to inject script code.
ZeroBlog does not properly sanitize user input in the 'threadID', 'replyID' and 'albumID' parameters.
Solution
Unknown at this time.
Severity
Classification
- CVE: CVE-2005-3264
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability