NetCaptor Cross-Domain Dialog Spoofing

low Nessus Network Monitor Plugin ID 2376

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host is running NetCaptor. NetCaptor is a web browser that is installed 'over' Internet Explorer, using the IE core engine while adding functionality to the GUI. This version of NetCaptor is vulnerable to a flaw where a malicious website can spoof a domain via the Dialog box. An attacker exploiting this flaw may be able to access confidential data from the client.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Low

ID: 2376

Family: Web Clients

Published: 11/1/2004

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Reference Information

BID: 11519, 11520

Detections

Analytics