Info2WWW < 1.2.2.9-23 Argument XSS

medium Nessus Network Monitor Plugin ID 2843

Synopsis

The remote host is running a vulnerable version of Info2WWW, an application that generates informational web pages.

Description

The remote host is running Info2WWW, an application that generates informational web pages. This version of Info2WWW is vulnerable to a remote cross-site scripting (XSS) attack. An attacker exploiting this flaw would typically need to convince a user to browse to a malicious URI. Success exploitation would result in the theft of confidential materials (such as authentication cookies).

Solution

Upgrade to version 1.2.2.9-23 or higher.

Plugin Details

Severity: Medium

ID: 2843

Family: CGI

Published: 4/19/2005

Updated: 3/6/2019

Nessus ID: 18086

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:roar_smith:info2www

Reference Information

CVE: CVE-2004-1341

Detections

Analytics