Info2WWW < 1.2.2.9-23 Argument XSS

Medium Nessus Network Monitor Plugin ID 2843

Synopsis

The remote host is running a vulnerable version of Info2WWW, an application that generates informational web pages.

Description

The remote host is running Info2WWW, an application that generates informational web pages. This version of Info2WWW is vulnerable to a remote cross-site scripting (XSS) attack. An attacker exploiting this flaw would typically need to convince a user to browse to a malicious URI. Success exploitation would result in the theft of confidential materials (such as authentication cookies).

Solution

Upgrade to version 1.2.2.9-23 or higher.

Plugin Details

Severity: Medium

ID: 2843

File Name: 2843.prm

Family: CGI

Published: 2005/04/19

Modified: 2016/01/30

Dependencies: 1442

Nessus ID: 18086

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 4

Temporal Score: 3.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2004-1341

OSVDB: 15673