9 lines
No EOL
623 B
Text
9 lines
No EOL
623 B
Text
source: http://www.securityfocus.com/bid/4601/info
|
|
|
|
thttpd is a web server product maintained by ACME Labs. thttpd has been compiled for Linux, BSD and Solaris, as well as other Unix like operating systems.
|
|
|
|
Cross Site Scripting issues has been reported in some versions of thttpd. thttpd fails to check URLs for the presence of script commands when generating error pages, allowing the attacker-supplied code to execute within the context of the hosted site.
|
|
|
|
It should be noted that this issue was tested on 2.20b, other versions may also be affected by this issue.
|
|
|
|
http://www.host.com/<script>[SCRIPT]</script> |