CGI Generic Script Injection (quick test)

medium Nessus Plugin ID 55904

Synopsis

The remote web server is prone to cross-site scripting attacks.

Description

The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to inject malicious code in an existing 'script' block and cause arbitrary script code to be executed in a user's browser within the security context of the affected site. These XSS vulnerabilities are likely to be 'non persistent' or 'reflected'.

Solution

Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.

See Also

https://en.wikipedia.org/wiki/Cross_site_scripting#Non-persistent

http://www.nessus.org/u?ea9a0369

http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting

Plugin Details

Severity: Medium

ID: 55904

File Name: torture_cgi_script_injection.nasl

Version: 1.14

Type: remote

Published: 8/4/2011

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests

Reference Information

CWE: 116, 20, 442, 692, 712, 722, 725, 74, 751, 79, 80, 801, 81, 811, 83, 86, 928, 931