Family: CGI abuses : XSS --> Category: infos
Nag common-footer.inc Cross-Site Scripting Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for cross-site scripting vulnerability in Nag common-footer.inc
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to a cross-
site scripting attack.
According to its version, the remote installation of Nag fails to
fully sanitize user-supplied input when setting the parent frame's
leveraging this flaw, a possible hacker may be able to inject arbitrary HTML
and script code into a user's browser to be executed in the context of
the affected web site, thereby resulting in the theft of session
cookies and similar attacks.
See also :
Upgrade to Nag 1.1.3 or later.
Low / CVSS Base Score : 2
Click HERE for more information and discussions on this network vulnerability scan.