Nessus Web Server XSS
Medium Nessus Plugin ID 47833
Synopsis
A web server running on the remote host is affected by a cross-site scripting vulnerability.
Description
According to its self-reported version number, the Nessus web server running on the remote host is affected by a cross-site scripting vulnerability due to improper validation of input to a GET parameter before returning it to users. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
Solution
Upgrade the plugin feed using 'nessus-update-plugins', restart the web server, and verify web server version 1.2.4 or later is running. The web server version can be viewed by logging in and clicking the 'About' button.