FreeBSD : xapian-omega -- XSS vulnerability (b46f3a1e-a052-11de-a649-000c2955660f)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Olly Betts reports :

There's a cross-site scripting issue in Omega - exception messages
don't currently get HTML entities escaped, but can contain CGI
parameter values in some cases.

See also :

http://www.nessus.org/u?8a0fe5c9
http://www.nessus.org/u?729f1615

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 40958 (freebsd_pkg_b46f3a1ea05211dea649000c2955660f.nasl)

Bugtraq ID:

CVE ID: CVE-2009-2947

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now