This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.
The remote web server hosts an application that is prone to a cross-
site scripting attack.
The installed version of Ektron CMS400.NET fails to sanitize user-
supplied input to the 'info' parameter in the 'workarea/reterror.aspx'
script before using it to generate dynamic HTML content.
An unauthenticated, remote attacker may be able to leverage this issue
to inject arbitrary HTML or script code into a user's browser to be
executed within the security context of the affected site.
See also :
Upgrade to Ektron CMS400.NET 7.66 SP5 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 46199 (ektron_cms400_reterror_info_xss.nasl)
Bugtraq ID: 39679