This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.
The remote web server might be prone to cross-site request forgery
Nessus has found HTML forms on the remote web server. Some CGI scripts
do not appear to be protected by random tokens, a common
anti-cross-site request forgery (XSRF) protection. The web application
might be vulnerable to XSRF attacks. Note that :
- Nessus did not exploit the flaw.
- Nessus cannot identify sensitive actions; for example, on an
online bank, consulting an account is less sensitive than
You will need to audit the source of the CGI scripts and check if they
are actually affected.
See also :
Restrict access to the vulnerable application. Contact the vendor for
a patch or upgrade.
Risk factor :
Medium / CVSS Base Score : 6.4
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now