The remote web server is affected by a cross-site scripting vulnerability

In Our QA system we are facing the below security scan finding.

Scanning tool used: nessus

Above image text:

|Medium|172.16.1.218|tcp|9201|Web Server Generic XSS|The remote web server is affected by a cross-site scripting
vulnerability.|The remote host is running a web server that fails to adequately
sanitize request strings of malicious JavaScript. A remote attacker
can exploit this issue, via a specially crafted request, to execute
arbitrary HTML and script code in a user's browser within the security
context of the affected site.|Contact the vendor for a patch or upgrade.|
| --- | --- | --- | --- | --- |

We are currently using Elasticsearch version 7.17.5 and spring-data-elasticsearch version 4.4.2.

Elastic running as a docker container.

Has anyone else encountered a similar issue? how to resolve this one?

Seems like a bug in Nessus, I suggest you ask them for help.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.