Thanks -- http://serverip:9999/?";<br><script>alert('toto');</script> worked --
after I'd sent my reponse, I noticed the page was borked with some text under the login boxes, so it was confirmed. Followup question: the URL from the plugin output "/?<script>cross_site_scripting.nasl</script>", didn't seem to cause any issue -- what's the best way to confirm -- is the working string fairly browser dependent? (Like the one you provided for IE7?).
<<image/gif>>
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
