Details

    • Type: Bug
    • Status: Closed
    • Resolution: Invalid
    • Component/s: Other
    • Labels:
      None

      Description

      Hi:

      Site scanner sent me this message and I don't know what to do

      Status:
       
      Not yet addressed
      Synopsis:
       
      The remote web server is prone to cross-site scripting attacks.
      Description:
       
      The remote web server hosts one or more cgi scripts that fail to
      adequately sanitize request strings with malicious JavaScript. By
      leveraging this issue, an attacker may be able to cause arbitrary HTML
      and script code to be executed in a user's browser within the security
      context of the affected site. These XSS vulnerabilities are likely to
      be 'non-persistent' or 'reflected'.
      See Also:
       
      http://en.wikipedia.org/wiki/Cross_site_scripting#Non-persistent
      http://www.Site Scanner.org/u?9717ad85
      http://projects.webappsec.org/Cross-Site+Scripting
      Risk Factor:
       
      Medium / CVSS Base Score : 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
      Solution:
       
      Restrict access to the vulnerable application. Contact the vendor
      for a patch or upgrade.
       
      Output:
       
      Using the POST HTTP method, Site Scanner found that :
      + The following resources may be vulnerable to cross-site scripting (extended patterns) :
      + The 'terms' parameter of the /forum/search.php CGI :
      /forum/search.php?&sr=topics&search_id=unreadposts [terms=508 src=http:/
      /www.example.com/exploit508.js]
      -------- output --------
      <br />
      <form method="post" action="./search.php?&amp;sr=topics&amp;search_id=un
      readposts&amp;terms=508 src=http://www.example.com/exploit508.js">
      <table width="100%" cellspacing="1">
      ------------------------
      + The 'username' parameter of the /forum/ucp.php CGI :
      /forum/ucp.php?mode=sendpassword [username=508 src=http://www.example.co
      m/exploit508.js]
      -------- output --------
      <tr>
      <td class="row1" width="38%"><b class="genmed"> [...]
      <td class="row2"><input type="text" class="post" name="username" size="2
      5" value="508 src=http://www.example.com/exploit508.js" /></td>
      </tr>
      <tr>
      ------------------------
      Other references : CWE:79, CWE:80, CWE:81, CWE:83, CWE:20, CWE:74, CWE:442, CWE:712, CWE:722, CWE:725, CWE:811, CWE:751, CWE:801, CWE:116, CWE:692, CWE:86

      I use phpbb3.0.9

      and used GoDaddy site scanner

      Please tell me. Solve this problem

            People

            • Assignee:
              Noxwizard Patrick Webster
              Reporter:
              egyptianweb egyptianweb [X] (Inactive)