CGI:IRC 'nonjs' Interface Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running CGI:IRC and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to CGI:IRC version 0.5.10 or later, For updates refer to http://cgiirc.org/download/

Insight

The flaw is caused by improper validation of user-supplied input passed via the 'R' parameter in the 'nonjs' interface (interfaces/nonjs.pm), that allows attackers to execute arbitrary HTML and script code on the web server.

Affected

CGI:IRC versions prior to 0.5.10.

References

http://osvdb.org/70844
http://secunia.com/advisories/43217
http://www.vupen.com/english/advisories/2011/0346

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0050

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Web Server ETag Header Information Disclosure Weakness
Apache Struts2/XWork Remote Command Execution Vulnerability
Allaire JRun directory browsing vulnerability
Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
Ampache Reflected Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities