Pligg register.php reg_username Parameter XSS

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server hosts a web application that is vulnerable to a
cross-site scripting attack.

Description :

The remote web server is hosting a version of Pligg that is affected
by a cross-site scripting vulnerability in the 'reg_username'
parameter of the 'register.php' script.

Also note it has been reported that several other cross-site scripting
vulnerabilities exist in the script 'register.php' via the parameters
'reg_email', 'reg_password', and 'reg_password2', although Nessus has
not checked for them.

See also :

Solution :

Upgrade to version 1.1.3 or greater.

Risk factor :

Medium / CVSS Base Score : 4.3

Family: CGI abuses : XSS

Nessus Plugin ID: 51438 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now