Summary
The remote web server contains a PHP script which is vulnerable to a cross site scripting issue.
Description :
The remote host appears to be running BasiliX version 1.1.1 or lower. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary Javascript code simply by reading a MIME message with a specially crafted Content-Type header.
Solution
Upgrade to BasiliX version 1.1.1 fix1 or later.
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- A Really Simple Chat Multiple XSS Vulnerabilities
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- Adobe ColdFusion HTTP Response Splitting Vulnerability