The remote web server contains a PHP script which is vulnerable to a cross site scripting issue. Description : The remote host appears to be running BasiliX version 1.1.1 or lower. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary Javascript code simply by reading a MIME message with a specially crafted Content-Type header.

Upgrade to BasiliX version 1.1.1 fix1 or later.

• http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
• http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt

---

Updated on 2015-03-25