icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

ZeroBoard Multiple Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host is running ZeroBoard, a web-based bulletin board written in PHP. This version of Zeroboard is vulnerable to a cross-site scripting (XSS) flaw as well as a flaw in the 'preg_replace' function. An attacker exploiting these flaws would require that the attacker be able to: 1) convince an unsuspecting user to visit a malicious website 2) send HTTP requests that are parsed by the 'preg_replace' function. Successful exploitation leads to arbitrary code execution on the remote system or arbitrary code executing in client browsers (after following a malicious URI).

Solution

Upgrade or patch according to vendor recommendations.