This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.
The remote web server contains a CGI script that is affected by
several non-persistent, cross-site scripting flaws.
The remote host is running Pubcookie, an open source package for
intra-institutional, single-sign-on, end-user web authentication.
The version of the Login Server component of Pubcookie installed on
the remote host fails to sanitize user-supplied input to various
parameters of the 'index.cgi' script before using it to generate
dynamic HTML. An attacker may be able to exploit these issues to
cause arbitrary HTML and script code to be executed by a user's
browser in the context of the affected website, which could be used
to steal authentication credentials or mis-represent the affected
See also :
Upgrade to Pubcookie version 3.2.1b / 3.3.0a or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 21158 ()
Bugtraq ID: 17221
CVE ID: CVE-2006-1392
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.