Nessus report XSS attack.


narutopgm

Hello, Nessus report XSS attack.

 

Synopsis: The remote web server is prone to cross-site scripting attacks.

 

Description

The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.

 

Solution

Contact the vendor for a patch or upgrade.

 

See Also

http://en.wikipedia.org/wiki/Cross-site_scripting

 

Risk Factor: Medium

 

CVSS Base Score

4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

 

CVSS Temporal Score

3.6 (CVSS2#E:F/RL:OF/RC:C)

 

Plugin Output

The request string used to detect this flaw was :

 

<script>cross_site_scripting.nasl</script>

 

The output was :

 

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=utf-8
Server: Mono-HTTPAPI/1.0
Date: Wed, 24 Aug 2011 15:39:37 GMT
Content-Length: 111
Connection: close

<h1>Bad Request (Invalid url: http://sd001.***********.eu:8890<script>cross_site_scripting.nasl</script>)</h1>

 

CVE

CVE-2002-1700, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681

 

BID

5011, 5305, 7344, 7353, 8037, 14473, 17408

 

Xref

OSVDB:18525, OSVDB:24469, OSVDB:42314, OSVDB:4989, OSVDB:58976, CWE:79, CWE:80, CWE:81, CWE:83, CWE:20, CWE:74, CWE:442, CWE:712, CWE:722, CWE:725, CWE:811, CWE:751, CWE:801, CWE:116

 

Vulnerability Publication Date: 2004/04/09

 

Plugin Publication Date: 2001/11/30

 

Plugin Last Modification Date: 2011/03/14

 

Public Exploit Available: True
