Thanks -- I tried: http://serverip:9999/?";<script>alert('test');</script> http://serverip:9999/?<script>alert('test');</script> http://serverip:9999/?";<script>alert('test')</script> http://serverip:9999/?<script>alert('test')</script>
and still haven't seen an alert popup. All popup-blocking is disabled, testing with IE7. Nicolas Pouvesle <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 12/05/2007 02:07 PM To [email protected] cc Subject Re: Possible False Positive Plugin ID 10815 On Dec 5, 2007, at 9:42 PM, [EMAIL PROTECTED] wrote: > > When testing Urchin Web Analytics v5.7.03, this plugin reports a XSS > issue on the login page, however I can't seem to manually reproduce > the error, and believe it's a false positive. try the following request and you will see it is not a false positive : http://serverip:9999/?";<script>alert('test');</script> Nicolas _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
<<image/gif>>
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
