PwsPHP profil.php id Parameter XSS

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.

Synopsis :

A remote web application is vulnerable to cross-site scripting.

Description :

The remote host runs PWSPHP (Portail Web System) a CMS written in PHP.

The remote version of this software is vulnerable to cross-site
scripting attack due to a lack of sanity checks on the 'skin' parameter
in the script SettingsBase.php.

With a specially crafted URL, an attacker could use the remote server
to set up a cross-site scripting attack.

Solution :

Upgrade to version 1.2.3 or newer

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 18216 ()

Bugtraq ID: 13561

CVE ID: CVE-2005-1508

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now