GoAhead Web Server 2.18 - addgroup.asp?group Cross-Site Scripting
{"lastseen": "2020-04-01T20:40:01", "references": [], "description": "\nGoAhead Web Server 2.18 - addgroup.asp?group Cross-Site Scripting", "edition": 1, "reporter": "Silent Dream", "exploitpack": {"type": "remote", "platform": "windows"}, "published": "2011-10-10T00:00:00", "title": "GoAhead Web Server 2.18 - addgroup.asp?group Cross-Site Scripting", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": -0.5, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.5}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2011-10-10T00:00:00", "id": "EXPLOITPACK:3035160DB5757A0102F03BE94B6614F8", "href": "", "viewCount": 3, "sourceData": "source: https://www.securityfocus.com/bid/50039/info\n\nGoAhead WebServer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.\n\nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.\n\nGoAhead WebServer 2.18 is vulnerable; other versions may also be affected. \n\nPOST /goform/AddGroup HTTP/1.1\ngroup=<script>alert(1337)</script>&privilege=4&method=1&enabled=on&ok=OK", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645796654}}
GoAhead Web Server 2.18 - addgroup.asp?group Cross-Site Scripting