Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

XAMPP < 1.4.14 Default Installation Multiple HTML Injection (deprecated)

High

Synopsis

The remote host is running the XAMPP web server, a version of Apache that comes pre-bundled with Perl, MySQL, and PHP.

Description

The remote host is running the XAMPP web server, a version of Apache that comes pre-bundled with Perl, MySQL, and PHP. This version of XAMPP is reported to be prone to remote HTML injection attacks. An attacker, exploiting this flaw, would need to be able to convince a user to browse to a malicious URI. Successful exploitation would result in the attacker executing malicious code within the user's browser, possibly leading to theft of confidential data.

Solution

Upgrade to version 1.4.14 or higher.