This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.
The remote web server contains a PHP script that is affected by a
cross-site scripting vulnerability.
The remote host is running GForge, a web-based project for
collaborative software development.
The version of GForge installed on the remote host fails to sanitize
user-supplied input to the 'confirm_hash' parameter of the
'account/verify.php' script before using it to generate dynamic
output. An unauthenticated, remote attacker may be able to leverage
this issue to inject arbitrary HTML or script code into a user's
browser to be executed within the security context of the affected
This version may have several other vulnerabilities related to SQL
injection and cross-site scripting, especially if the remote host is
running a Debian build of GForge. Nessus has not checked for these
See also :
Apply the appropriate vendor patch.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 26927 (gforge_confirm_hash_xss.nasl)
Bugtraq ID: 25923, 35424
CVE ID: CVE-2007-3918, CVE-2009-4069