Bandmin 1.4 - Cross-Site Scripting

EDB-ID:

22669




Platform:

CGI

Date:

2003-05-28


source: https://www.securityfocus.com/bid/7729/info

It has been reported that a cross-site scripting vulnerability exists in Bandmin. Because of this, an attacker may be able to execute script code or HTML in the context of the site hosting Bandmin by enticing a web user to follow a malicious link. 

http://www.example.com/bandwidth/index.cgi?action=showmonth&year=[FIRST SCRIPT]&month=[SECOND SCRIPT]

http://www.example.com/bandwidth/index.cgi?action=showhost&month=May&year=2003&host=[THIRD SCRIPT]