Summary
The remote host runs Faq-O-Matic, a CGI-based system that automates the process of maintaining a FAQ.
The remote version of this software is vulnerable to cross-site scripting attacks in the script 'fom.cgi'.
With a specially crafted URL, an attacker can cause arbitrary script code to execute in a user's browser, resulting in a loss of integrity.
Solution
Upgrade to the latest version of this software.
Severity
Classification
CVE: CVE-2002-0230, CVE-2002-2011
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe ColdFusion HTTP Response Splitting Vulnerability
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- Apache Archiva Multiple Vulnerabilities
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- Apache Tomcat Login Constraints Security Bypass Vulnerability