CGIEmail's Cross Site Scripting Vulnerability (cgicso) Network Vulnerability

Summary

The remote web server contains a CGI which is vulnerable to a cross site scripting vulnerability. Description : The remote web server contains the 'CGIEmail' CGI, a web based form to send emails. The remote version of this software contains a vulnerability caused by inadequate processing of queries by CGIEmail's cgicso that results in a cross site scripting condition.

Solution

Modify cgilib.c to contain a stripper function that will remove any HTML or JavaScript tags.

Severity

Classification

CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
AbanteCart Multiple Cross-Site Scripting Vulnerabilities
An Image Gallery Directory Traversal Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability

Take action and discover your vulnerabilities