24 Feb
Web Server Generic Cookie Injection
After running a Nessus scan, one of its plugins checks for cookie injection called "Web Server Generic Cookie Injection" (https://www.tenable.com/plugins/nessus/44135).
The scan shows that this issue exists on a site. It shows that when injecting JavaScript in the request, it is only displayed in the response. However, the JavaScript is never executed in the response.
So could this finding be considered a false positive? If not, why does Nessus consider it an issue?