This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.
The remote CGI is vulnerable to an injection attack.
The remote host is vulnerable to a cross-site scripting attack through
its web chat module :
- An attacker may create a new user with a bogus email address containing
- Then the profile of the newly created user or the 'lost password' page
An attacker may use this flaw to steal the cookies of your regular users.
See also :
None at this time, but see the following website for additional
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 11470
Bugtraq ID: 7190