ESET Remote Administrator < 3.0.105 Additional Report Settings XSS

medium Nessus Plugin ID 35611

Synopsis

The remote Windows host contains an application that is affected by an HTML injection vulnerability.

Description

ESET Remote Administrator is installed on the remote system. The installed version is earlier than 3.0.105, and such versions are reportedly affected by an HTML injection vulnerability. An attacker can exploit this vulnerability to cause arbitrary HTML and script code to be executed within the context of the user's browser.

Solution

Upgrade to version 3.0.105.

See Also

http://www.eset.eu/support/changelog-eset-remote-administrator-3

Plugin Details

Severity: Medium

ID: 35611

File Name: eset_ra_3_0_105_html_injection.nasl

Version: 1.15

Type: local

Published: 2/6/2009

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 33633

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

Secunia: 33805