Vulnerabilities > CVE-2003-0615 - Cross-Site Scripting vulnerability in CGI.pm Start_Form
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 | |
| Application | 3 | |
| OS | 11 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-371.NASL description A cross-site scripting vulnerability exists in the start_form() function in CGI.pm. This function outputs user-controlled data into the action attribute of a form element without sanitizing it, allowing a remote user to execute arbitrary web script within the context of the generated page. Any program which uses this function in the CGI.pm module may be affected. last seen 2020-06-01 modified 2020-06-02 plugin id 15208 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15208 title Debian DSA-371-1 : perl - XSS NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-084.NASL description Eye on Security found a cross-site scripting vulnerability in the start_form() function in CGI.pm. This vulnerability allows a remote attacker to place a web script in a URL which feeds into a form last seen 2020-06-01 modified 2020-06-02 plugin id 14066 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14066 title Mandrake Linux Security Advisory : perl-CGI (MDKSA-2003:084) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-257.NASL description Updated Perl packages that fix a security issue in Safe.pm and a cross-site scripting (XSS) vulnerability in CGI.pm are now available. Perl is a high-level programming language commonly used for system administration utilities and Web programming. Two security issues have been found in Perl that affect the Perl packages shipped with Red Hat Enterprise Linux : When safe.pm versions 2.0.7 and earlier are used with Perl 5.8.0 and earlier, it is possible for an attacker to break out of safe compartments within Safe::reval and Safe::rdo by using a redefined @_ variable. This is due to the fact that the redefined @_ variable is not reset between successive calls. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-1323 to this issue. A cross-site scripting vulnerability was discovered in the start_form() function of CGI.pm. The vulnerability allows a remote attacker to insert a Web script via a URL fed into the form last seen 2020-06-01 modified 2020-06-02 plugin id 12415 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12415 title RHEL 2.1 : perl (RHSA-2003:257)
Oval
accepted 2008-07-07T04:00:16.879-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Nabil Ouchn organization Security-Database name Dragos Prisaca organization Secure Elements, Inc.
definition_extensions comment Solaris 8 (SPARC) is installed oval oval:org.mitre.oval:def:1539 comment Solaris 8 (x86) is installed oval oval:org.mitre.oval:def:2059 comment Solaris 9 (SPARC) is installed oval oval:org.mitre.oval:def:1457 comment Solaris 9 (x86) is installed oval oval:org.mitre.oval:def:1683
description Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. family unix id oval:org.mitre.oval:def:307 status accepted submitted 2006-09-22T05:52:00.000-04:00 title CGI.pm start_form Cross-Site Scripting Vulnerability version 37 accepted 2007-04-25T19:52:33.013-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Thomas R. Jones organization Maitreya Security
description Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. family unix id oval:org.mitre.oval:def:470 status accepted submitted 2003-09-25T12:00:00.000-04:00 title CGI.pm Cross-site Scripting Vulnerability version 37
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713
- http://marc.info/?l=bugtraq&m=105880349328877&w=2
- http://marc.info/?l=bugtraq&m=106018783704468&w=2
- http://marc.info/?l=full-disclosure&m=105875211018698&w=2
- http://secunia.com/advisories/13638
- http://securitytracker.com/id?1007234
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
- http://www.ciac.org/ciac/bulletins/n-155.shtml
- http://www.debian.org/security/2003/dsa-371
- http://www.kb.cert.org/vuls/id/246409
- http://www.redhat.com/support/errata/RHSA-2003-256.html
- http://www.securityfocus.com/bid/8231
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12669
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470