FreeBSD : Pligg CMS -- XSS Vulnerability (c290f093-c89e-11e6-821e-68f7288bdf41)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Netsparker reports:

Proof of Concept URL for XSS in Pligg CMS :

Page: groups.php

Parameter Name: keyword

Parameter Type: GET

Attack Pattern:
http://example.com/pligg-cms-2.0.2/groups.php?view=search&keyword='+al
ert(0x000D82)+'

For more information on cross-site scripting vulnerabilities read the
article Cross-site Scripting (XSS).

See also :

http://www.nessus.org/u?44a22f24
http://www.nessus.org/u?8ce252b8

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96119 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now