Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses : XSS --> Category: infos

pLog User Registration HTML Injection Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Searches for the existence of pLog

Detailed Explanation for this Vulnerability Test

The remote host is running pLog, a blogging system written in PHP.

The remote version of this software does not perform a proper validation
of user-supplied input, and is therefore vulnerable to a cross-site scripting

To exploit this flaw, a possible hacker would need to use the script 'register.php'
to register a user profile containing HTML and script code as his name or

Regular users of the remote website would then display the HTML and/or script
code in their browser when visiting the page 'summary.php'.

Solution : Upgrade to pLog 0.3.3 or newer
Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.