FreeBSD : Pubcookie Login Server -- XSS vulnerability (115a1389-858e-11e0-a76c-000743057ca2)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Nathan Dors, Pubcookie Project reports :

A new non-persistent XSS vulnerability was found in the Pubcookie
login server's compiled binary 'index.cgi' CGI program. The CGI
program mishandles untrusted data when printing responses to the
browser. This makes the program vulnerable to carefully crafted
requests containing script or HTML. If an attacker can lure an
unsuspecting user to visit carefully staged content, the attacker can
use it to redirect the user to his or her local Pubcookie login page
and attempt to exploit the XSS vulnerability.

See also :

Solution :

Update the affected package.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 54619

Bugtraq ID:

