CGI Generic XSS (persistent, 2nd pass)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

A CGI application hosted on the remote web server is potentially
prone to cross-site scripting attacks.

Description :

The remote web server hosts one or more CGI scripts that fail to
adequately sanitize request strings containing malicious JavaScript.
By leveraging this issue, an attacker may be able to cause arbitrary
HTML and script code to be executed in a user's browser within the
security context of the affected site.

These issues are likely to be 'persistent' or 'stored', but this
aspect should be checked manually. Please note that persistent XSS
can be triggered by any channel that provides information to the
application. Nessus cannot test them all.

See also :

http://en.wikipedia.org/wiki/Cross_site_scripting#Persistent
http://projects.webappsec.org/Cross-Site+Scripting

Solution :

Restrict access to the vulnerable application and contact the vendor
for a patch or upgrade.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: CGI abuses : XSS

Nessus Plugin ID: 51529 ()

Bugtraq ID:

CVE ID: