
ZeroBoard Multiple Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host is running ZeroBoard, a web-based bulletin board written in PHP. This version of ZeroBoard is vulnerable to a cross-site scripting (XSS) flaw as well as a flaw in the 'preg_replace' function. To exploit these flaws, an attacker must be able to: 1) convince an unsuspecting user to visit a malicious website; 2) send HTTP requests that are parsed by the 'preg_replace' function. Successful exploitation leads to arbitrary code execution on the remote system or to arbitrary code executing in client browsers (after the user follows a malicious URI).

Solution

Upgrade or patch according to vendor recommendations.