Hi!
I'm new at the list. I dont know if this is the place to expose my suggestion.
I'm working with Nessus and we saw (with my colleagues) this description in
plugin ID 10815:
"The remote host is running a web server that fails to adequately
sanitize request strings of malicious JavaScript."
We think that XSS is a vulnerability on applications, not on servers.
In my opinion, it must be: "... is running a web application that fails ... "
What do you think? What if it's wrong? Who is the responsible to changes it?
Thanks,
Sebastian
____________________________________________________________________________________
¡Buscá desde tu celular!
Yahoo! oneSEARCH ahora está en Claro
http://ar.mobile.yahoo.com/onesearch_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
