Detects a URL redirection and reflected XSS vulnerability in the Allegro RomPager web server. The vulnerability has been assigned CVE-2013-6786.
nmap -p80 --script http-vuln-cve2013-6786 <target>
nmap -sV --script http-vuln-cve2013-6786 <target>
PORT   STATE SERVICE
80/tcp open  http
| http-vuln-cve2013-6786:
|   VULNERABLE:
|   URL redirection and reflected XSS vulnerability in Allegro RomPager Web server
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2013-6786
|
|       Devices based on Allegro RomPager web server are vulnerable to URL redirection
|       and reflected XSS. If Referer header in a request to a non existing page, data
|       can be injected into the resulting 404 page. This includes linking to an
|       untrusted website and XSS injection.
|     Disclosure date: 2013-07-1
|     References:
|_      https://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf
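
The Referer reflection described in the script output, modelled offline as an added example (not code from the Nmap script or from RomPager): a constructed 404 handler that copies the Referer verbatim, a hardened variant that encodes it and links back only to its own host, and a classifier that tells raw reflection from encoded reflection. The page layout, function names, device address and canary value are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed canary: HTML metacharacters plus a unique token, no script content.
CANARY = 'http://canary.invalid/"><x-canary-7f3a>'

def render_404_vulnerable(path, referer):
    """Assumed model of the flaw: Referer is copied verbatim into the 404 page."""
    return (f"<html><body><h1>Not Found</h1><p>{path}</p>"
            f'<p><a href="{referer}">Return to last page</a></p></body></html>')

def render_404_hardened(path, referer, own_host):
    """Encode everything reflected; link back only to the device's own host."""
    try:
        parts = urlsplit(referer)
        same_site = parts.scheme in ("http", "https") and parts.hostname == own_host
    except ValueError:  # malformed Referer: treat as untrusted
        same_site = False
    back = ""
    if same_site:
        back = f'<p><a href="{html.escape(referer, quote=True)}">Return to last page</a></p>'
    return f"<html><body><h1>Not Found</h1><p>{html.escape(path)}</p>{back}</body></html>"

def classify_reflection(body, canary=CANARY):
    """Tell raw reflection (injectable) from encoded reflection (neutralised)."""
    if canary in body:
        return "reflected-raw"
    if html.escape(canary, quote=True) in body:
        return "reflected-encoded"
    return "not-reflected"

if __name__ == "__main__":
    host = "192.0.2.1"  # constructed device address (documentation range)
    local = f'http://{host}/"><x-canary-7f3a>'
    print(classify_reflection(render_404_vulnerable("/no-such-page", CANARY)))
    print(classify_reflection(render_404_hardened("/no-such-page", CANARY, host)))
    print(classify_reflection(render_404_hardened("/no-such-page", local, host), local))
```

Only the raw case corresponds to the VULNERABLE state above; an encoded echo of the Referer, or no link to a foreign host at all, closes both the XSS and the redirection paths.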