[Japanese]

JVNDB-2007-000086

CGI RESCUE WebFORM vulnerable to cross-site scripting

Overview

WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


CGI RESCUE
  • WebFORM 4.3 and earlier

Impact

An abitrary script may be executed on the user's web browser.
Solution

Vendor Information

CGI RESCUE
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2007-0547
References

  1. JVN : JVN#05123538
  2. National Vulnerability Database (NVD) : CVE-2007-0547
  3. Secunia Advisory : SA23913
Revision History

  • [2008/05/21]
      Web page published