CGI:IRC 'nonjs' Interface Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running CGI:IRC and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to CGI:IRC version 0.5.10 or later, For updates refer to http://cgiirc.org/download/

Insight

The flaw is caused by improper validation of user-supplied input passed via the 'R' parameter in the 'nonjs' interface (interfaces/nonjs.pm), that allows attackers to execute arbitrary HTML and script code on the web server.

Affected

CGI:IRC versions prior to 0.5.10.

References

http://osvdb.org/70844
http://secunia.com/advisories/43217
http://www.vupen.com/english/advisories/2011/0346

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0050
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
A Really Simple Chat Multiple XSS Vulnerabilities
Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Adobe JRun Management Console Multiple Vulnerabilities
AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability

Take action and discover your vulnerabilities