Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi.
References
Link | Resource |
---|---|
http://www.ioactive.com/pdfs/AccoriaWebServer.pdf | Exploit |
http://www.kb.cert.org/vuls/id/245081 | US Government Resource |
http://www.ioactive.com/pdfs/AccoriaWebServer.pdf | Exploit |
http://www.kb.cert.org/vuls/id/245081 | US Government Resource |
Configurations
History
21 Nov 2024, 01:16
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.ioactive.com/pdfs/AccoriaWebServer.pdf - Exploit | |
References | () http://www.kb.cert.org/vuls/id/245081 - US Government Resource |
Information
Published : 2010-06-15 14:30
Updated : 2024-11-21 01:16
NVD link : CVE-2010-2267
Mitre link : CVE-2010-2267
CVE.ORG link : CVE-2010-2267
JSON object : View
Products Affected
accoria
- rock_web_server
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')