Nessus Web Server XSS

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

A web server running on the remote host is affected by a cross-site
scripting vulnerability.

Description :

According to its self-reported version number, the Nessus web server
running on the remote host is affected by a cross-site scripting
vulnerability due to improper validation of input to a GET parameter
before returning it to users. A remote attacker can exploit this, via
a specially crafted request, to execute arbitrary script code in a
user's browser session.

See also :

https://discussions.nessus.org/message/7245#7245
https://www.tenable.com/security/tns-2010-01

Solution :

Upgrade the plugin feed using 'nessus-update-plugins', restart the web
server, and verify web server version 1.2.4 or later is running. The
web server version can be viewed by logging in and clicking the
'About' button.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 47833

Bugtraq ID: 41966

CVE ID: CVE-2010-2914
