Summary
The remote host contains a PHP script that is vulnerable to cross-site scripting attacks.
Description
The remote host appears to be running ZeroBlog.
A vulnerability was identified in ZeroBlog that may be exploited by remote attackers to inject script code.
ZeroBlog does not properly sanitize user input in the 'threadID', 'replyID' and 'albumID' parameters.
Solution
Unknown at this time.
Severity
Classification
- CVE: CVE-2005-3264
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N