HTTPD-User-Manage cross-site scripting vulnerability


HTTPD-User-Manage is a set of Perl modules for managing user authentication information for web servers. It contains a cross-site scripting vulnerability in its CGI as it does not properly validate input strings.

This problem does not occur when only the library for managing database is solely used.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

Lincoln D. Stein
  • HTTPD-User-Manage 1.62 and earlier


A malicious script may be executed on the web browser of the user who can access HTTPD-User-Manage.

Vendor Information

Lincoln D. Stein
CWE (What is CWE?)

CVE (What is CVE?)


  1. JVN : JVN#30451602
Revision History

  • [2008/05/21]
      Web page published