This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Zero Science Lab reports :
Input passed via the parameter 'sortby' is not properly sanitised
before being returned to the user or used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.
The param 'num' is vulnerable to a XSS issue where the attacker can
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true