Web Server Generic XSS

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is prone to cross-site scripting attacks.

Description :

The remote host is running a web server that fails to adequately
sanitize request strings of malicious JavaScript. By leveraging this
issue, an attacker may be able to cause arbitrary HTML and script code
to be executed in a user's browser within the security context of the
affected site.

See also :

http://en.wikipedia.org/wiki/Cross-site_scripting

Solution :

Contact the vendor for a patch or upgrade.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 10815 (cross_site_scripting.nasl)

Bugtraq ID: 5011
5305
7344
7353
8037
14473
17408
54344

CVE ID: CVE-2002-1700
CVE-2003-1543
CVE-2005-2453
CVE-2006-1681
CVE-2012-3382