|
Family: CGI abuses : XSS --> Category: infos
BasiliX Content-Type XSS Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for Content-Type XSS vulnerability in BasiliX
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script which is vulnerable to a
cross site scripting issue.
Description :
The remote host appears to be running BasiliX version 1.1.1 or lower.
Such versions are vulnerable to a cross-scripting attack whereby an
attacker may be able to cause a victim to unknowingly run arbitrary
Javascript code simply by reading a MIME message with a specially
crafted Content-Type header.
Solution :
Upgrade to BasiliX version 1.1.1 fix1 or later.
See also :
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-1.txt
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|