Nessus Web Server XSS

This script is Copyright (C) 2010-2011 Tenable Network Security, Inc.


Synopsis :

A web server running on the remote host has a cross-site scripting
vulnerability.

Description :

According to its self-reported version number, the Nessus web server
running on the remote host has a cross-site scripting vulnerability.

A remote attacker could exploit this by tricking a user into making a
maliciously crafted request, resulting in the execution of arbitrary
script code.

See also :

https://discussions.nessus.org/message/7245#7245

Solution :

Upgrade the plugin feed using 'nessus-update-plugins', restart the web
server, and verify web server version 1.2.4 or later is running. The
web server version can be viewed by logging in and clicking the
'About' button.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 47833

Bugtraq ID: 41966

CVE ID: CVE-2010-2914