Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbSuperpetzEDB-ID:21263
HistoryFeb 04, 2002 - 12:00 a.m.

Faq-O-Matic 2.6/2.7 - Cross-Site Scripting

2002-02-0400:00:00
superpetz
www.exploit-db.com
22

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/4023/info

FAQ-O-Matic is a freely available, open-source FAQ (Frequently Asked Questions) manager. It is intended to run on Linux and Unix variants.

FAQ-O-Matic does not sufficiently filter script code from URL parameters. It is possible to create a malicious link containing arbitrary script code. When a legitimate user browses the malicious link, the script code will be executed in the user's browser in the context of the website running Faq-O-Matic.

As a result, it may be possible for a remote attacker to steal cookie-based authentication credentials from a legitimate user of the service.

http://faqomaticsite/cgi-bin/fom/fom.cgi?cmd=<script>alert("superpetz")</script>&file=1&keywords=superpetz

Related

cve 1
nvd 1
cvelist 1
nessus 3
openvas 4
cve
cve
CVE-2002-0230
2002-05-16 04:00:00
nvd
nvd
CVE-2002-0230
2002-05-16 04:00:00
cvelist
cvelist
CVE-2002-0230
2002-05-03 04:00:00
nessus
nessus
Debian DSA-109-1 : faqomatic - XSS vulnerability
2004-09-29 00:00:00
Faq-O-Matic fom.cgi Multiple Parameter XSS
2004-10-21 00:00:00
Multiple Dangerous CGI Script Detection
2003-06-17 00:00:00
openvas
openvas
Debian Security Advisory DSA 109-1 (faqomatic)
2008-01-17 00:00:00
Debian Security Advisory DSA 109-1 (faqomatic)
2008-01-17 00:00:00
Faq-O-Matic 'fom.cgi' XSS Vulnerability
2005-11-03 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:21263
cve1nvd1cvelist1nessus3openvas4