Nessus Web UI Scanned Content Stored XSS
Severity: Medium
Nessus Plugin ID: 88965
Synopsis
A web server running on the remote host is affected by a cross-site scripting vulnerability.
Description
According to its self-reported version number, the Nessus web server running on the remote host is affected by a cross-site scripting vulnerability in the web-based user interface (Web UI) due to improper validation of input passed from plugins before returning it to users. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
Solution
Upgrade the plugin feed using 'nessus-update-plugins', restart the web server, and verify Nessus Web UI version 2.3.4 (#85) or later is running. The Web UI version can be viewed by logging in and clicking the 'About' button.