Intrusion PreventionphpCMS.Parser.XSS
Description
It indicates a possible cross-site scripting attack attempt through a vulnerability in phpCMS.
phpCMS is a free open source web content management system. It has been reported that phpCMS has a cross-site scripting vulnerability when non-stealth and debug modes are both enabled. Due to insufficient sanitization of user-supplied input, a remote attacker could conduct cross-site scripting attacks by embedding arbitrary script in the "file" parameter of the parser.php script.
Affected Products
Any unprotected phpCMS 1.1.9, 1.2.0, or 1.2.1 is vulnerable.
Impact
An attacker can create malicious links which when followed cause arbitrary script to be executed in the browsers of the unsuspecting users.
Recommended Actions
Apply appropriate patches or upgrade the application to the latest non-vulnerable version.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-04-09 | 14.589 | Default_action:pass:drop |
| ID | 12750 |
| Created | Sep 11, 2006 |
| Updated | Jun 09, 2022 |
| Risk |
|
| CVE ID | CVE-2004-1202 |
| Exploit Prediction Score | 68.88% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | PHP_app |