Summary
The remote web server contains a CGI that is vulnerable to cross-site scripting.
Description
The remote web server contains the 'CGIEmail' CGI, a web-based form to send emails.
The remote version of this software contains a vulnerability caused by inadequate processing of queries by CGIEmail's cgicso that results in a cross-site scripting condition.
Solution
Modify cgilib.c to contain a stripper function that will remove any HTML or JavaScript tags.
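One way to neutralise markup in a query value before a CGI echoes it, as an added example that is not CGIEmail's code or part of the original advisory. It escapes the HTML metacharacters rather than deleting tags, so no user text is lost; the function name `html_escape` and the sample input are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from cgilib.c): writes an HTML-escaped copy of
 * `in` into `out`, whose capacity `outsz` includes the NUL terminator.
 * Returns the escaped length, or -1 if `out` is too small; on failure
 * `out` is set to the empty string so no partial value is echoed. */
long html_escape(const char *in, char *out, size_t outsz)
{
    size_t o = 0;

    if (in == NULL || out == NULL || outsz == 0)
        return -1;
    for (; *in != '\0'; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one;          /* ordinary bytes pass through */
        size_t len;

        switch (*in) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;  /* attribute-value context */
        case '\'': rep = "&#39;";  break;
        }
        len = strlen(rep);
        if (len >= outsz - o) {         /* keep one byte for the NUL */
            out[0] = '\0';
            return -1;
        }
        memcpy(out + o, rep, len);
        o += len;
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    const char *sample = "<i>\"Tom\" & 'Jerry'</i>";  /* constructed input */
    char buf[128];

    if (html_escape(sample, buf, sizeof buf) < 0)
        return 1;
    puts(buf);
    return 0;
}
```

Apply the escaping at the point where the value is written into the HTML response, not when the query is parsed, so the stored or mailed form data is left unchanged.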
Severity
Classification
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N