CGI Generic XSS (HTTP Headers)

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.

Synopsis :

The remote web server is prone to cross-site scripting attacks.

Description :

The remote web server hosts CGI scripts that fail to adequately
sanitize HTTP headers of malicious JavaScript. By leveraging this
issue, an attacker may be able to cause arbitrary HTML and script code
to be executed in a user's browser within the security context of the
affected site. Note that injecting HTTP headers needs an additional
flaw or a special vector (like a Flash applet).

Note that these cross-site scripting vulnerabilities are likely to be
'non persistent', also called 'reflected'.

See also :

Solution :

Contact the vendor for a patch or upgrade.

Risk factor :

Low / CVSS Base Score : 2.6

Family: CGI abuses : XSS

Nessus Plugin ID: 46193 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now