Family: CGI abuses --> Category: infos
BasiliX Message Content Script Injection Vulnerability Scan
Vulnerability Scan Summary
Checks for message content script injection vulnerability in BasiliX
Detailed Explanation for this Vulnerability Test
The remote web server contains PHP scripts that are prone to cross-site
The remote host appears to be running BasiliX version 1.1.0 or lower.
Such versions are vulnerable to cross-site scripting attacks since they do
not filter HTML tags when showing a message. As a result, an attacker
can include arbitrary HTML and script code in a message and have that
code executed by the user's browser when the message is viewed.
See also :
Upgrade to BasiliX version 1.1.1 or later.
Low / CVSS Base Score : 2