FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cgiwrap -- XSS Vulnerability

Affected packages
cgiwrap < 4.0_2

Details

VuXML ID bc6a7e79-e111-11dd-afcd-00e0815b8da8
Discovery 2008-06-19
Entry 2009-01-13

Secunia reports:

A vulnerability has been reported in CGIWrap, which can be exploited by malicious people to conduct cross-site scripting attacks.

The vulnerability is caused due to the application generating error messages without specifying a charset. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation may require that the victim uses Internet Explorer or a browser based on Internet Explorer components.
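The condition the advisory describes, an error page sent without a declared charset, can be checked mechanically on a CGI response. The following is an added example, not code from CGIWrap, Secunia or the VuXML entry; the function name and the sample responses are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample CGI responses (not captured from cgiwrap). */
static const char RESP_NO_CHARSET[] =
    "Status: 403 Forbidden\r\nContent-Type: text/html\r\n\r\n<h1>Error</h1>";
static const char RESP_WITH_CHARSET[] =
    "Status: 403 Forbidden\r\ncontent-type: text/html; Charset=iso-8859-1\r\n\r\n<h1>Error</h1>";
static const char RESP_EMPTY_CHARSET[] =
    "Content-Type: text/html; charset=\r\n\r\n<meta charset=utf-8>";

/* Hypothetical helper: return 1 if the header block (everything before the
 * first empty line) has a Content-Type header with a non-empty charset. */
int content_type_has_charset(const char *resp)
{
    static const char name[] = "content-type:";
    const size_t nlen = sizeof name - 1;
    const char *line = resp;

    while (*line != '\0' && *line != '\r' && *line != '\n') {
        const char *nl = strchr(line, '\n');
        const char *stop = nl ? nl : line + strlen(line);

        if ((size_t)(stop - line) >= nlen && strncasecmp(line, name, nlen) == 0) {
            const char *p = line + nlen;
            /* Walk the ';'-separated parameters after the media type. */
            while ((p = memchr(p, ';', (size_t)(stop - p))) != NULL) {
                p++;
                while (p < stop && isspace((unsigned char)*p))
                    p++;
                if (stop - p > 8 && strncasecmp(p, "charset=", 8) == 0) {
                    const char *v = p + 8;
                    if (*v == '"' && v + 1 < stop)
                        v++;            /* quoted value */
                    if (isalnum((unsigned char)*v))
                        return 1;
                }
            }
        }
        if (nl == NULL)
            break;
        line = nl + 1;
    }
    return 0;
}

int main(void)
{
    printf("no charset: %d\n", content_type_has_charset(RESP_NO_CHARSET));
    printf("with charset: %d\n", content_type_has_charset(RESP_WITH_CHARSET));
    return 0;
}
```

A charset declared only in the body, as in the third sample, does not count: the check stops at the end of the header block.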

References

CVE Name CVE-2008-2852
URL http://cgiwrap.sourceforge.net/changes.html
URL http://secunia.com/advisories/30765