Summary
The remote host runs Faq-O-Matic, a CGI-based system that automates the process of maintaining a FAQ.
The remote version of this software is vulnerable to cross-site scripting attacks in the script 'fom.cgi'.
With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Solution
Upgrade to the latest version of this software.
Severity
Classification
- CVE: CVE-2002-0230, CVE-2002-2011
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Related Vulnerabilities
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
- Afian 'includer.php' Directory Traversal Vulnerability
- Apache Rave User Information Disclosure Vulnerability