CVE-2010-2267

Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) the dns parameter to servercfg.cgi.
Configurations

Configuration 1 (hide)

cpe:2.3:a:accoria:rock_web_server:1.4.7:*:*:*:*:*:*:*

History

21 Nov 2024, 01:16

Type Values Removed Values Added
References () http://www.ioactive.com/pdfs/AccoriaWebServer.pdf - Exploit () http://www.ioactive.com/pdfs/AccoriaWebServer.pdf - Exploit
References () http://www.kb.cert.org/vuls/id/245081 - US Government Resource () http://www.kb.cert.org/vuls/id/245081 - US Government Resource

Information

Published : 2010-06-15 14:30

Updated : 2024-11-21 01:16


NVD link : CVE-2010-2267

Mitre link : CVE-2010-2267

CVE.ORG link : CVE-2010-2267


JSON object : View

Products Affected

accoria

  • rock_web_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')