
XAMPP < 1.4.14 Default Installation Multiple HTML Injection

High

Synopsis

The remote host is running the XAMPP web server, a version of Apache that comes pre-bundled with Perl, MySQL, and PHP.

Description

The remote host is running the XAMPP web server, a version of Apache that comes pre-bundled with Perl, MySQL, and PHP. This version of XAMPP is reported to be prone to remote HTML injection attacks. To exploit this flaw, an attacker would need to convince a user to browse to a malicious URI. Successful exploitation would result in the attacker's code executing within the user's browser, possibly leading to theft of confidential data.

Solution

Upgrade to version 1.4.14 or higher.