phpScheduleIt 1.0.0 RC1 Multiple XSS

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a PHP application that is affected by
multiple cross-site scripting vulnerabilities.

Description :

According to its banner, the version of phpScheduleIt on the remote
host is earlier than 1.0.0. Such versions are vulnerable to HTML
injection issues. For example, an attacker may add malicious HTML and
JavaScript code in a schedule page if he has the right to edit the
'Schedule Name' field. This field is not properly sanitized. The
malicious code would be executed by a victim web browser displaying
this schedule.

See also :

Solution :

Upgrade to phpScheduleIt version 1.0.0 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 14613 ()

Bugtraq ID: 11080

CVE ID: CVE-2004-1651

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now