Test ID:	1.3.6.1.4.1.25623.1.0.14218
Category:	Web application abuses
Title:	BasiliX Message Content Script Injection Vulnerability
Summary:	The remote web server contains PHP scripts that are prone to cross-site;scripting attacks.;;Description :;;The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions are vulnerable to;cross-scripting attacks since they do not filter HTML tags when showing a message. As a result, an attacker can;include arbitrary HTML and script code in a message and have that code executed by the user's browser when it is;viewed.
Description:	Summary: The remote web server contains PHP scripts that are prone to cross-site scripting attacks. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions are vulnerable to cross-scripting attacks since they do not filter HTML tags when showing a message. As a result, an attacker can include arbitrary HTML and script code in a message and have that code executed by the user's browser when it is viewed. Solution: Upgrade to BasiliX version 1.1.1 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1708 BugTraq ID: 5060 http://www.securityfocus.com/bid/5060 Bugtraq: 20020618 BasiliX multiple vulnerabilities (Google Search) http://online.securityfocus.com/archive/1/277710 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html XForce ISS Database: basilix-webmail-headers-css(9384) https://exchange.xforce.ibmcloud.com/vulnerabilities/9384
Copyright	Copyright (C) 2004 George A. Theall

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.