XAMPP < 1.4.14 Default Installation Multiple HTML Injection (deprecated)

high Nessus Network Monitor Plugin ID 2816

Synopsis

The remote host is running the XAMPP web server, a version of Apache that comes pre-bundled with Perl, MySQL, and PHP.

Description

The remote host is running the XAMPP web server, a version of Apache that comes pre-bundled with Perl, MySQL, and PHP. This version of XAMPP is reported to be prone to remote HTML injection attacks. To exploit this flaw, an attacker would need to convince a user to browse to a malicious URI. Successful exploitation would result in attacker-supplied code executing within the user's browser, possibly leading to theft of confidential data.

Solution

Upgrade to version 1.4.14 or higher.

See Also

http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0236.html

Plugin Details

Severity: High

ID: 2816

Family: CGI

Published: 4/12/2005

Updated: 3/6/2019

Nessus ID: 18036, 18037

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X

Reference Information

CVE: CVE-2005-1077, CVE-2005-1078, CVE-2005-2043

BID: 13128, 13127, 13131, 13126, 13983, 13982