Nessus Web Server XSS

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

A web server running on the remote host is affected by a cross-site
scripting vulnerability.

Description :

According to its self-reported version number, the Nessus web server
running on the remote host is affected by a cross-site scripting
vulnerability due to improper validation of input to a GET parameter
before returning it to users. A remote attacker can exploit this, via
a specially crafted request, to execute arbitrary script code in a
user's browser session.

See also :

https://discussions.nessus.org/message/7245#7245
https://www.tenable.com/security/tns-2010-01

Solution :

Upgrade the plugin feed using 'nessus-update-plugins', restart the web
server, and verify that web server version 1.2.4 or later is running.
The web server version can be viewed by logging in and clicking the
'About' button.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 47833

Bugtraq ID: 41966

CVE ID: CVE-2010-2914