Cross-site scripting (XSS) vulnerability in the nonjs interface (interfaces/nonjs.pm) in CGI:IRC before 0.5.10 allows remote attackers to inject arbitrary web script or HTML via the R parameter.
5.6AI Score
0.003EPSS
irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS.
6.1CVSS
6.2AI Score
0.001EPSS