PwsPHP profil.php id Parameter XSS

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

A remote web application is vulnerable to cross-site scripting.

Description :

The remote host runs PWSPHP (Portail Web System), a CMS written in PHP.

The remote version of this software is vulnerable to a cross-site
scripting attack due to a lack of sanity checks on the 'skin' parameter
in the script SettingsBase.php.

With a specially crafted URL, an attacker could use the remote server
to set up a cross-site scripting attack.

Solution :

Upgrade to version 1.2.3 or newer.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 18216

Bugtraq ID: 13561, 13563

CVE ID: CVE-2005-1508