CiscoWorks Server Common Services Login Page XSS

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.


Synopsis :

The remote web server hosts a CGI script that is affected by a
cross-site scripting vulnerability.

Description :

CiscoWorks Server (CS) is vulnerable to cross-site scripting (XSS)
attacks affecting its login page.

When this XSS vulnerability is exploited, malicious code or script is
embedded within the URL and is associated with the page refresh that
follows an unsuccessful login attempt.

See also :

http://www.nessus.org/u?92d48137
http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml

Solution :

Apply the point patch referenced in Cisco's advisory.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 33947

Bugtraq ID: 26708

CVE ID: CVE-2007-5582
