Detections
Analytics
CGI Generic XSS (persistent, 2nd pass)
medium Nessus Plugin ID 51529
Language:
Synopsis
A CGI application hosted on the remote web server is potentially prone to cross-site scripting attacks.Description
The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings containing malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.These issues are likely to be 'persistent' or 'stored', but this aspect should be checked manually. Please note that persistent XSS can be triggered by any channel that provides information to the application. Nessus cannot test them all.
Solution
Restrict access to the vulnerable application and contact the vendor for a patch or upgrade.See Also
https://en.wikipedia.org/wiki/Cross_site_scripting#Persistent
http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting
Plugin Details
Severity: Medium
ID: 51529
File Name: torture_cgi_persistent_XSS2.nasl
Version: 1.15
Type: remote
Family: CGI abuses : XSS
Published: 1/14/2011
Updated: 1/19/2021
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: Settings/enable_web_app_tests