CGI Generic XSS (quick test)

medium Nessus Plugin ID 39466


The remote web server is prone to cross-site scripting attacks.


The remote web server hosts CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.
These XSS are likely to be 'non persistent' or 'reflected'.


Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade to address any cross-site scripting vulnerabilities.

See Also

Plugin Details

Severity: Medium

ID: 39466

File Name: torture_cgi_cross_site_scripting.nasl

Version: 1.45

Type: remote

Published: 6/19/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Risk Information


Risk Factor: Medium

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests

Reference Information

CWE: 20, 74, 79, 80, 81, 83, 86, 116, 442, 692, 712, 722, 725, 751, 801, 811, 928, 931