How to Buy
This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.
The remote web server might be prone to cross-site request forgery
Nessus has found HTML forms on the remote web server. Some CGI scripts
do not appear to be protected by random tokens, a common
anti-cross-site request forgery (XSRF) protection. The web application
might be vulnerable to XSRF attacks. Note that :
- Nessus did not exploit the flaw.
- Nessus cannot identify sensitive actions
for example, on an
online bank, consulting an account is less sensitive than
You will need to audit the source of the CGI scripts and check if they
are actually affected.
See also :
Restrict access to the vulnerable application. Contact the vendor for
a patch or upgrade.
Risk factor :
Medium / CVSS Base Score : 6.4
Family: CGI abuses
Nessus Plugin ID: 56818 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.