Ultimate PHP Board < 1.9.7 Multiple XSS
Medium Nessus Network Monitor Plugin ID 3017
SynopsisThe remote host has a PHP script that may allow arbitrary code execution on the remote system
DescriptionThe remote host is running Ultimate PHP Board, a message board written in PHP. Versions of Ultimate less than 1.9.7 are vulnerable to multiple Cross-Site Scripting (XSS) flaws. An attacker exploiting these flaws would typically need to be able to convince a user to browse to a malicious URI. Successful exploitation would result in arbitrary code executing in the client browser and possible theft of confidential data (such as authentication cookies).
SolutionUpgrade to version 1.9.7 or higher.