paNews comment.php showpost Parameter XSS

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.


Synopsis :

The remote web server contains a PHP application that is affected by a
cross-site scripting issue.

Description :

According to its banner, the remote host is running a version of
paNews that fails to sanitize input to the 'showpost' parameter of the
'comment.php' script before using it to generate dynamic web content.
By coercing an unsuspecting user into visiting a malicious website, an
attacker may be able to possibly steal credentials or execute
browser-side code.

See also :

http://seclists.org/bugtraq/2005/Feb/307

Solution :

Unknown at this time.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 16479 ()

Bugtraq ID: 12576

CVE ID: CVE-2005-0485

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now