Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/384427 | Exploit US Government Resource |
http://secunia.com/advisories/46894 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/70434 |
Configurations
Information
Published : 2011-11-03 03:55
Updated : 2017-08-28 18:30
NVD link : CVE-2011-4273
Mitre link : CVE-2011-4273
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
goahead
- goahead_webserver