Apache Roller q Parameter XSS

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a Java web application that is affected
by a cross-site scripting vulnerability.

Description :

The remote host is running Apache Roller, a multi-user blog server
written in Java.

The version of Apache Roller installed on the remote host fails to
sanitize user input to the 'q' parameter of search requests before
including it in dynamic HTML output. An attacker may be able to
leverage this issue to inject arbitrary HTML and script code into a
user's browser to be executed within the security context of the
affected site.

See also :


Solution :

Apply the code fix referenced in revision 668737 from the Subversion

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 35299 (apache_roller_q_xss.nasl)

Bugtraq ID: 33110

CVE ID: CVE-2008-6879

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now