Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2011-4273

Published: 03/11/2011 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 445
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Goahead

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote malicious users to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.

Vulnerable Product Search on Vulmon Subscribe to Product

goahead goahead webserver 2.1.8

ICS Advisories

Hitachi Energy MSM Product
Critical Infrastructure Sectors: Energy

Exploits

Exploit DB: GoAhead Web Server 2.18 - 'adduser.asp' Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/50039/info GoAhead WebServer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal coo ...
Exploit DB: GoAhead Web Server 2.18 - 'addlimit.asp?url' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/50039/info GoAhead WebServer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cooki ...
Exploit DB: GoAhead Web Server 2.18 - 'addgroup.asp?group' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/50039/info GoAhead WebServer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie- ...

References

CWE-79http://www.kb.cert.org/vuls/id/384427http://secunia.com/advisories/46894https://exchange.xforce.ibmcloud.com/vulnerabilities/70434https://nvd.nist.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-242-03https://www.exploit-db.com/exploits/36219/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook