CGI Generic HTML Injections (quick test)
Medium Nessus Plugin ID 49067
SynopsisThe remote web server may be prone to HTML injections.
The remote web server may be vulnerable to IFRAME injections or cross-site scripting attacks :
- IFRAME injections allow 'virtual defacement' that might scare or anger gullible users. Such injections are sometimes implemented for 'phishing' attacks.
- XSS are extensively tested by four other scripts.
- Some applications (e.g. web forums) authorize a subset of HTML without any ill effect. In this case, ignore this warning.
SolutionEither restrict access to the vulnerable application or contact the vendor for an update.