CVE-2005-2860

Name of the Vulnerable Software and Affected Versions Nikto versions 1.35 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header. This injected content is directly inserted into an HTML report.

Recommendations For Nikto versions 1.35 and earlier, as a temporary workaround, consider disabling the generation of HTML reports until a patch is available. Restrict access to the Server field in HTTP response headers to minimize the risk of exploitation. Avoid using the affected Nikto versions for scanning until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.