ZeroBoard Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 2636
Synopsis
The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.
Description
The remote host is running ZeroBoard, a web-based bulletin board written in PHP. This version of ZeroBoard is vulnerable to a cross-site scripting (XSS) flaw as well as a flaw in the 'preg_replace' function. To exploit these flaws, an attacker would need to be able to:
1) convince an unsuspecting user to visit a malicious website
2) send HTTP requests that are parsed by the 'preg_replace' function.
Successful exploitation leads to arbitrary code execution on the remote system or arbitrary code executing in client browsers (after following a malicious URI).
Solution
Upgrade or patch according to vendor recommendations.