4 matches found
CGIWrap Charset Specification Weakness Error Message XSS
The remote host is running CGIWrap, a wrapper for CGI scripts to provide enhanced security. The version of CGIWrap installed on the remote host does not specify a charset when responses are for error pages. An attacker may be able to leverage this issue to inject arbitrary HTML and script code in...
CVE-2008-2852
Cross-site scripting XSS vulnerability in CGIWrap before 4.1, when an Internet Explorer based browser is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to failure to set the charset in error messages...
CVE-2008-2852
Cross-site scripting XSS vulnerability in CGIWrap before 4.1, when an Internet Explorer based browser is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to failure to set the charset in error messages...
CVE-2008-2852
CGIWrap before 4.1 is affected by CVE-2008-2852, an XSS due to error messages not specifying a charset. When using Internet Explorer-based browsers, attackers could inject arbitrary HTML/JS via error responses. The OpenVAS/Nessus/VM sources confirm the IE-specific vector and the CGIWrap XSS descr...