2 matches found
CVE-2005-2981
CVE-2005-2981 describes a cross-site scripting (XSS) vulnerability in Orion versions 1.3.8 and 1.4.5 . The issue arises from user-supplied input in the URL not being properly quoted in the resulting 404 error page, enabling an attacker to inject arbitrary script/HTML. The core vulnerability is th...
404 error XSS
The following web servers do not properly sanitize their output when returning a 404 resource not found error which could be used in a XSS attack: Orion 1.3.8 Orion 1.4.5 CompaqHTTPServer 2.1 PoC: http://localhost/scriptalert'XSS'/script -- - Josh...