CVE-2005-2860 - Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject

CVE-2005-2860

Summary

Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.

References

Vulnerable Configurations

cpe:2.3:a:nikto:nikto:*:*:*:*:*:*:*:*
cpe:2.3:a:nikto:nikto:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2016 - 03:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	14717
bugtraq	20050901 CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script
misc	http://www.cybsec.com/vuln/010905-multiple_webscanner_script_injection.pdf
vulnwatch	20050901 CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability

Last major update

18-10-2016 - 03:30

Published

08-09-2005 - 10:03

Last modified

18-10-2016 - 03:30