This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.
An application running on the remote web server has a cross-site
The version of BuildBot WebStatus running on the remote host has a
cross-site scripting vulnerability. Input to the 'branch' parameter
of the '/waterfall/help' page is not properly sanitized. A remote
attacker could exploit this by tricking a user into requesting a
malicious URL, which could result in the execution of arbitrary
This version of BuildBot has several other cross-site scripting
vulnerabilities, though Nessus has not checked for those issues.
See also :
Upgrade to BuildBot 0.7.11p3 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true