CVE-2002-0230

Published: 16/05/2002 Updated: 18/10/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote malicious users to execute arbitrary JavaScript on other clients via the cmd parameter, which causes the script to be inserted into an error message.

Vulnerable Product

faq-o-matic faq-o-matic 2.712

Vendor Advisories

Due to unescaped HTML code Faq-O-Matic returned unverified scripting code to the browser. With some tweaking this enables an attacker to steal cookies from one of the Faq-O-Matic moderators or the admin. Cross-Site Scripting is a type of problem that allows a malicious person to make another person run some JavaScript in their browser. The JavaScri ...

Exploits

source: www.securityfocus.com/bid/4023/info

FAQ-O-Matic is a freely available, open-source FAQ (Frequently Asked Questions) manager. It is intended to run on Linux and Unix variants. FAQ-O-Matic does not sufficiently filter script code from URL parameters. It is possible to create a malicious link containing arbitrary script code. When a l ...