Apache Traffic Server 4.x < 4.2.0 XSS
Medium Nessus Network Monitor Plugin ID 8623
Synopsis
The remote caching server contains a cross-site scripting vulnerability.

Description
Apache Traffic Server versions 4.x prior to 4.2.0 are affected by a cross-site scripting vulnerability due to improperly sanitized user-supplied input. By sending a specially crafted Host header, a remote, unauthenticated attacker can execute arbitrary script code in the victim's browser in the context of the affected site.

Solution
Upgrade to Apache Traffic Server 4.2.0 or later.