Resin < Viewfile file Parameter XSS

Medium Nessus Network Monitor Plugin ID 4561

Synopsis

The remote host is vulnerable to a cross-site scripting (XSS) attack.

Description

The remote web server is running Resin.

This version of Resin is vulnerable to a cross-site scripting flaw via the 'file' parameter of the Viewfile application. An attacker who exploits this flaw can execute arbitrary script code in the browsers of other Resin users.

Solution

Upgrade to Resin version 3.0.25, 3.1.4 or higher.

See Also

http://www.nessus.org/u?2ea1b70f

http://www.kb.cert.org/vuls/id/305208

Plugin Details

Severity: Medium

ID: 4561

Family: Web Servers

Published: 2004/08/18

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 33273

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 4.8

Temporal Score: 4.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2008-2462

BID: 29948