BasiliX Message Content Script Injection Vulnerability Network Vulnerability

Summary

The remote web server contains PHP scripts that are prone to cross-site scripting attacks. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions are vulnerable to cross-scripting attacks since they do not filter HTML tags when showing a message. As a result, an attacker can include arbitrary HTML and script code in a message and have that code executed by the user's browser when it is viewed.

Solution

Upgrade to BasiliX version 1.1.1 or later.

References

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-1708
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
Apache Struts Directory Traversal Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities