CGI Generic XSS (extended patterns)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is prone to cross-site scripting attacks.

Description :

The remote web server hosts one or more CGI scripts that fail to
adequately sanitize request strings containing malicious JavaScript. By
leveraging this issue, an attacker may be able to cause arbitrary HTML
and script code to be executed in a user's browser within the security
context of the affected site. These XSS vulnerabilities are likely to
be 'non-persistent' or 'reflected'.

See also :

http://en.wikipedia.org/wiki/Cross_site_scripting#Non-persistent
http://www.nessus.org/u?9717ad85
http://projects.webappsec.org/Cross-Site+Scripting

Solution :

Restrict access to the vulnerable application. Contact the vendor
for a patch or upgrade.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: CGI abuses : XSS

Nessus Plugin ID: 55903

Bugtraq ID:

CVE ID: