In Our QA system we are facing the below security scan finding.
Scanning tool used: nessus
Above image text:
|Medium|172.16.1.218|tcp|9201|Web Server Generic XSS|The remote web server is affected by a cross-site scripting
vulnerability.|The remote host is running a web server that fails to adequately
sanitize request strings of malicious JavaScript. A remote attacker
can exploit this issue, via a specially crafted request, to execute
arbitrary HTML and script code in a user's browser within the security
context of the affected site.|Contact the vendor for a patch or upgrade.|
| --- | --- | --- | --- | --- |
We are currently using Elasticsearch version 7.17.5 and spring-data-elasticsearch version 4.4.2.
Elastic running as a docker container.
Has anyone else encountered a similar issue? how to resolve this one?