PHP-Nuke paBox Module Hidden Parameter XSS
Medium Nessus Network Monitor Plugin ID 2702
SynopsisThe remote host is vulnerable to an HTML injection attack.
DescriptionThe remote host is running paBox, a web application written in PHP. This version of paBox is vulnerable to a remote HTML/script injection flaw. An attacker exploiting this flaw would only need to be able to send HTTP requests to the vulnerable application. A successful exploit would result in potential theft of confidential data (configuration data, browser cookies, and more) or browser-side code execution.
SolutionUpgrade or patch according to vendor recommendations.