CGI Generic XSS (Parameters Names)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is prone to cross-site scripting attacks.

Description :

The remote web server hosts CGI scripts that fail to adequately
sanitize parameters name of malicious JavaScript. By leveraging this
issue, an attacker may be able to cause arbitrary HTML and script code
to be executed in a user's browser within the security context of the
affected site.

See also :

http://en.wikipedia.org/wiki/Cross_site_scripting
http://capec.mitre.org/data/definitions/86.html
http://projects.webappsec.org/Cross-Site+Scripting

Solution :

Contact the vendor for a patch or upgrade.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: CGI abuses : XSS

Nessus Plugin ID: 51972 ()

Bugtraq ID:

CVE ID: