narutopgm
Posted August 24, 2011

Hello, Nessus reports an XSS attack.

Synopsis: The remote web server is prone to cross-site scripting attacks.

Description
The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.

Solution
Contact the vendor for a patch or upgrade.

See Also
http://en.wikipedia.org/wiki/Cross-site_scripting

Risk Factor: Medium
CVSS Base Score 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score 3.6 (CVSS2#E:F/RL:OF/RC:C)

Plugin Output
The request string used to detect this flaw was :
<script>cross_site_scripting.nasl</script>

The output was :
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=utf-8
Server: Mono-HTTPAPI/1.0
Date: Wed, 24 Aug 2011 15:39:37 GMT
Content-Length: 111
Connection: close

<h1>Bad Request (Invalid url: http://sd001.***********.eu:8890<script>cross_site_scripting.nasl</script>)</h1>

CVE
CVE-2002-1700 CVE-2003-1543 CVE-2005-2453 CVE-2006-1681

BID
5011 5305 7344 7353 8037 14473 17408

Xref
OSVDB:18525 OSVDB:24469 OSVDB:42314 OSVDB:4989 OSVDB:58976 CWE:79 CWE:80 CWE:81 CWE:83 CWE:20 CWE:74 CWE:442 CWE:712 CWE:722 CWE:725 CWE:811 CWE:751 CWE:801 CWE:116

Vulnerability Publication Date: 2004/04/09
Plugin Publication Date: 2001/11/30
Plugin Last Modification Date: 2011/03/14
Public Exploit Available: True