Resin < Viewfile file Parameter XSS

Medium severity, Nessus Network Monitor Plugin ID 4561

Synopsis

The remote host is vulnerable to a cross-site scripting (XSS) attack.

Description

The remote web server is running Resin.

This version of Resin is vulnerable to a cross-site scripting flaw via the 'file' parameter of the Viewfile application. An attacker exploiting this flaw would be able to execute arbitrary script code in the browsers of other Resin users.

Solution

Upgrade to version 3.0.25, 3.1.4 or higher.

See Also

http://www.nessus.org/u?2ea1b70f

http://www.kb.cert.org/vuls/id/305208

Plugin Details

Severity: Medium

ID: 4561

Family: Web Servers

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 33273

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.8

Temporal Score: 4.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:caucho:resin

Reference Information

CVE: CVE-2008-2462

BID: 29948