WebcamXP Chat Name XSS

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a cross-site scripting

Description :

The remote host is running a version of webcamXP, a webcam software
package and integrated web server for Windows, that suffers from an
HTML injection flaw in its chat feature. An attacker can exploit this
flaw by injecting malicious HTML and script code through the nickname
field to redirect chat users to arbitrary sites, steal authentication
cookies, and the like.

See also :

Solution :

Upgrade to webcamXP version 2.16.478 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 18122 ()

Bugtraq ID: 13250

CVE ID: CVE-2005-1189

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial