Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting Vulnerability

ID EDB-ID:21405
Type exploitdb
Reporter BrainRawt
Modified 2002-04-20T00:00:00


Jon Howell Faq-O-Matic 2.7 Cross-Site Scripting Vulnerability. CVE-2002-2011, CVE-2003-0127. Webapps exploit for the cgi platform.


Faq-O-Matic 2.711 and 2.712 are web-based Frequently Asked Question (FAQ) management systems. They are vulnerable to a cross-site scripting issue arising from a failure to filter HTML or script out of a malformed query: the submitted script is returned verbatim inside an error message, which the browser then renders. The script is submitted as an argument to the Faq-O-Matic component "fom.cgi", specifically in the "file" parameter. Because the error page is served by the Faq-O-Matic site, the user's browser treats the injected script as though it originated from that site.
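The reflected-parameter error path described above, as an added example that is not Faq-O-Matic's own code: a stand-in for the vulnerable error message beside its escaped form, plus a check that flags fom.cgi requests whose "file" value carries markup in access-log lines. Function names and the log lines are constructed for this example.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Added example (not Faq-O-Matic's own code). Function names and the log lines
# below are constructed to illustrate the reflected-parameter error path the
# advisory describes: fom.cgi echoes the "file" parameter into an error message.

def error_page_vulnerable(query_string: str) -> str:
    """Pattern the advisory describes: the raw 'file' value is echoed into HTML."""
    requested = parse_qs(query_string, keep_blank_values=True).get("file", [""])[0]
    return f"<p>Error: FAQ item '{requested}' was not found.</p>"

def error_page_hardened(query_string: str) -> str:
    """Same message, but the value is HTML-escaped before it reaches the page."""
    requested = parse_qs(query_string, keep_blank_values=True).get("file", [""])[0]
    safe = html.escape(requested, quote=True)   # <, >, &, " and ' become entities
    return f"<p>Error: FAQ item '{safe}' was not found.</p>"

# Combined-format access log lines, constructed for this example.
CONSTRUCTED_LOG = """\
10.0.0.5 - - [20/Apr/2002:10:00:01 +0000] "GET /cgi-bin/fom.cgi?file=12 HTTP/1.0" 200 512
10.0.0.9 - - [20/Apr/2002:10:00:07 +0000] "GET /cgi-bin/fom.cgi?file=%3Ci%3Ex%3C/i%3E HTTP/1.0" 200 300
10.0.0.9 - - [20/Apr/2002:10:00:09 +0000] "GET /cgi-bin/fom.cgi?file=<i>x</i> HTTP/1.0" 200 300
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def flag_markup_in_file_param(log_text: str) -> list[str]:
    """Return the request targets whose fom.cgi 'file' value decodes to contain markup."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("fom.cgi"):
            continue
        file_value = parse_qs(url.query, keep_blank_values=True).get("file", [""])[0]
        if "<" in file_value or ">" in file_value:   # parse_qs already percent-decodes
            hits.append(m.group(1))
    return hits

if __name__ == "__main__":
    q = "file=<i>x</i>"
    print(error_page_vulnerable(q))   # markup reaches the browser unchanged
    print(error_page_hardened(q))     # markup is rendered as literal text
    print(flag_markup_in_file_param(CONSTRUCTED_LOG))
```

The hardened function only covers the HTML-body context shown here; a value placed inside an attribute or a script block needs the escaping appropriate to that context.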