Test ID:	1.3.6.1.4.1.25623.1.0.18216
Category:	Web application abuses
Title:	PWSPHP XSS
Summary:	The remote host runs PWSPHP (Portail Web System) a CMS written in PHP.;; The remote version of this software is vulnerable to cross-site; scripting attack due to a lack of sanity checks on the 'skin' parameter; in the script SettingsBase.php.;; With a specially crafted URL, an attacker could use the remote server; to set up a cross site script attack.
Description:	Summary: The remote host runs PWSPHP (Portail Web System) a CMS written in PHP. The remote version of this software is vulnerable to cross-site scripting attack due to a lack of sanity checks on the 'skin' parameter in the script SettingsBase.php. With a specially crafted URL, an attacker could use the remote server to set up a cross site script attack. Solution: Upgrade to version 1.2.3 or newer CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1508 Bugtraq: 20050507 PwsPHP v1.2.2 Final - Multiples vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=111565808024581&w=2 http://www.osvdb.org/16228 http://www.osvdb.org/16229 http://www.osvdb.org/16230 http://www.osvdb.org/16231 http://www.osvdb.org/16232 http://secunia.com/advisories/15315 http://www.vupen.com/english/advisories/2005/0503 XForce ISS Database: pwsphp-mulitple-scripts-xss(20500) https://exchange.xforce.ibmcloud.com/vulnerabilities/20500
Copyright	Copyright (C) 2005 David Maciejak

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.