Pligg contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URI upon submission to the 'search.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround: Update the file from the SVN repository.

Unknown or Incomplete

• Secunia Advisory ID: 40616
• Bugtraq ID: 41729
• Vendor Specific News/Changelog Entry: http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2030
• Mail List Post: http://seclists.org/bugtraq/2010/Jul/123
• Other Advisory URL: http://www.htbridge.ch/advisory/xss_vulnerability_in_pligg_search_module.html
• Vendor URL: http://www.pligg.com/

Unknown or Incomplete

NVD does not currently have a CVSSv2 score assigned.