ID de Prueba:	1.3.6.1.4.1.25623.1.0.18216
Categoría:	Web application abuses
Título:	PWSPHP XSS
Resumen:	The remote host runs PWSPHP (Portail Web System) a CMS written in PHP.;; The remote version of this software is vulnerable to cross-site; scripting attack due to a lack of sanity checks on the 'skin' parameter; in the script SettingsBase.php.;; With a specially crafted URL, an attacker could use the remote server; to set up a cross site script attack.
Descripción:	Summary: The remote host runs PWSPHP (Portail Web System) a CMS written in PHP. The remote version of this software is vulnerable to cross-site scripting attack due to a lack of sanity checks on the 'skin' parameter in the script SettingsBase.php. With a specially crafted URL, an attacker could use the remote server to set up a cross site script attack. Solution: Upgrade to version 1.2.3 or newer CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1508 Bugtraq: 20050507 PwsPHP v1.2.2 Final - Multiples vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=111565808024581&w=2 http://www.osvdb.org/16228 http://www.osvdb.org/16229 http://www.osvdb.org/16230 http://www.osvdb.org/16231 http://www.osvdb.org/16232 http://secunia.com/advisories/15315 http://www.vupen.com/english/advisories/2005/0503 XForce ISS Database: pwsphp-mulitple-scripts-xss(20500) https://exchange.xforce.ibmcloud.com/vulnerabilities/20500
Copyright	Copyright (C) 2005 David Maciejak

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.