PHP-Nuke paBox Module Hidden Parameter XSS

Medium Nessus Network Monitor Plugin ID 2702


The remote host is vulnerable to an HTML injection attack.


The remote host is running paBox, a web application written in PHP. This version of paBox is vulnerable to a remote HTML/script injection flaw. An attacker exploiting this flaw would only need to be able to send HTTP requests to the vulnerable application. A successful exploit would result in potential theft of confidential data (configuration data, browser cookies, and more) or browser-side code execution.


Upgrade or patch according to vendor recommendations.

See Also

Plugin Details

Severity: Medium

ID: 2702

Family: CGI

Published: 2005/03/14

Modified: 2018/07/11

Dependencies: 1442

Nessus ID: 17336

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND


Base Score: 5.3

Temporal Score: 5.3


Temporal Vector: CVSS3#E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:php_arena:pabox

Reference Information

CVE: CVE-2005-0674

BID: 12719, 12796