Intrusion Prevention

Web.Scanner.HTML.Injection

Description

Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.

Affected Products

Nikto Nikto 1.35
N-Stalker N-Stealth Free Edition 5.8
N-Stalker N-Stealth Commercial Edition 5.8

Impact

Inject arbitrary web script or HTML

Recommended Actions

N-Stalker has released updated versions addressing this issue. Users are advised to contact the vendor for information regarding obtaining updates.
Nikto has released an update advising users to be cautious when viewing HTML reports.
N-Stalker N-Stealth Free Edition 5.8
N-Stalker N-Stealth 5.8.1.03

Coverage

IPS (Regular DB)
IPS (Extended DB)

ID	13812
Created	Jan 30, 2007
Updated	Mar 04, 2022
Risk
CVE ID	CVE-2005-2860
Exploit Prediction Score	0.55%
Default Action	drop
Active
Affected OS	Windows, Linux, BSD, Solaris
Affected App	Other

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

Web.Scanner.HTML.Injection

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

Web.Scanner.HTML.Injection

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Threat Intelligence
Center