This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote web server contains two PHP scripts that are prone to
cross-site scripting attacks.
The remote host is running phpSysInfo, a PHP script that parses the
/proc entries on Linux systems and displays them in HTML.
The version of phpSysInfo installed on the remote host is affected by
multiple cross-site scripting vulnerabilities due to its failure to
sanitize user input to the 'sensor_program' parameter of 'index.php'
and the 'text[language]', 'text[template]', and 'VERSION' parameters
of 'system_footer.php'. If PHP's 'register_globals' setting is
enabled, a remote attacker can exploit these flaws to have arbitrary
script rendered in the browser of a user in the context of the
See also :
Upgrade to phpSysInfo 2.5 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 17610 ()
Bugtraq ID: 12887
CVE ID: CVE-2005-0870
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.