FreeBSD : ejabberd -- XSS vulnerability (cf91c1e4-2b6d-11de-931b-00e0815b8da8)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

SecurityFocus reports :

The ejabberd application is prone to a cross-site scripting
vulnerability.

An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected
site and to steal cookie-based authentication credentials.

See also :

http://www.nessus.org/u?d9ebc02a

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 36194 (freebsd_pkg_cf91c1e42b6d11de931b00e0815b8da8.nasl)

Bugtraq ID: 34133

CVE ID: CVE-2009-0934
