CGI Generic XSS (quick test)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is prone to cross-site scripting attacks.

Description :

The remote web server hosts CGI scripts that fail to adequately sanitize
request strings containing malicious JavaScript. By leveraging this issue,
an attacker may be able to cause arbitrary HTML and script code
to be executed in a user's browser within the security context of the
affected site.
These XSS issues are likely to be 'non-persistent' or 'reflected'.

See also :

http://en.wikipedia.org/wiki/Cross_site_scripting#Non-persistent
http://www.nessus.org/u?9717ad85
http://projects.webappsec.org/Cross-Site+Scripting

Solution :

Restrict access to the vulnerable application. Contact the vendor
for a patch or upgrade.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: CGI abuses : XSS

Nessus Plugin ID: 39466

Bugtraq ID:

CVE ID:
