Detections
Analytics
BMForum Multiple Script XSS
medium Nessus Plugin ID 19500
Language:
Synopsis
The remote web server contains a PHP application that is vulnerable to cross-site scripting attacks.Description
The remote host is running BMForum, a web forum written in PHP.The remote version of this software is affected by several cross-site scripting vulnerabilities. The issues are due to failures of the application to properly sanitize user-supplied input.
Solution
Unknown at this time.See Also
Plugin Details
Severity: Medium
ID: 19500
File Name: bmforum_xss.nasl
Version: 1.28
Type: remote
Family: CGI abuses : XSS
Published: 8/24/2005
Updated: 4/11/2022
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Vulnerability Information
CPE: cpe:/a:bmforum:bmforum
Required KB Items: www/PHP, Settings/ParanoidReport
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: No exploit is required
Vulnerability Publication Date: 7/27/2005
Reference Information
BID: 14396