phpScheduleIt < 1.0.0 New User Registration HTML Injection

Medium Nessus Network Monitor Plugin ID 2191


The remote host is vulnerable to an HTML injection attack.


The remote host is running phpScheduleIt. According to its banner, this version is reported vulnerable to an HTML injection issue. The 'Schedule Name' field is not properly sanitized, so an attacker who has the right to edit it may add malicious HTML and JavaScript code to a schedule page. The malicious code would be executed by the web browser of a victim displaying this schedule.


Upgrade to phpScheduleIt 1.0.0 or higher.

Plugin Details

Severity: Medium

ID: 2191

Family: CGI

Published: 2004/09/01

Modified: 2016/01/21

Dependencies: 1442

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C


CVSS v3

Base Score: 5.3

Temporal Score: 5.1


Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

CVE: CVE-2004-1651

BID: 11080