phpScheduleIt 1.0.0 RC1 Multiple XSS

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a PHP application that is affected by
multiple cross-site scripting vulnerabilities.

Description :

According to its banner, the version of phpScheduleIt on the remote
host is earlier than 1.0.0. Such versions are vulnerable to HTML
injection issues. For example, an attacker may add malicious HTML and
JavaScript code in a schedule page if he has the right to edit the
'Schedule Name' field. This field is not properly sanitized. The
malicious code would be executed by a victim web browser displaying
this schedule.

See also :

Solution :

Upgrade to phpScheduleIt version 1.0.0 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 14613 ()

Bugtraq ID: 11080

CVE ID: CVE-2004-1651

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial