How to Buy
This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.
The remote web server contains a CGI script that is prone to multiple
cross-site scripting attacks.
The remote host is running SandSurfer, a web-based time keeping
A vulnerability has been disclosed in all versions of this software,
up to version 1.7.0 (included) which may allow an attacker to use it
to perform cross-site scripting attacks against third-party users.
See also :
Upgrade to SandSurfer 1.7.1 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 12087 ()
Bugtraq ID: 9801
CVE ID: CVE-2004-2550
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.