Tenable Network Security Nessus Windows GUI Cross Site Scripting Vulnerability


Description   A vulnerability has been identified in Nessus, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by unspecified input validation errors in the Windows GUI when displaying data, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
     
Vulnerable Products   Vulnerable Software:
Nessus versions prior to 3.0.6
     
Solution   Upgrade to Nessus version 3.0.6 : http://www.nessus.org/download/
     
CVE   CVE-2007-3546
     
References   http://www.nessus.org/news/
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2007-06-28 

 Target Type 
Server 

 Possible exploit 
Local & Remote