Pligg register.php reg_username Parameter XSS

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server hosts a web application that is vulnerable to a
cross-site scripting attack.

Description :

The remote web server is hosting a version of Pligg that is affected
by a cross-site scripting vulnerability in the 'reg_username'
parameter of the 'register.php' script.

Also note it has been reported that several other cross-site scripting
vulnerabilities exist in the script 'register.php' via the parameters
'reg_email', 'reg_password', and 'reg_password2', although Nessus has
not checked for them.

See also :

http://www.nessus.org/u?6e396247

Solution :

Upgrade to version 1.1.3 or greater.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: CGI abuses : XSS

Nessus Plugin ID: 51438 ()

Bugtraq ID:

CVE ID: