header-logo
Suggest Exploit
vendor:
CacheOS
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: CacheOS
Affected Version From: CacheOS 1.0
Affected Version To: CacheOS 1.0
Patch Exists: YES
Related CWE: CVE-2002-0338
CPE: o:cacheflow:cacheos:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

CacheOS Cross-Site Scripting Vulnerability

CacheOS is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient sanitization of user-supplied data. An attacker can construct a link for a nonexistant subdomain of a valid site, and include malicious JavaScript. If followed, the supplied script code will execute within the context of the requested domain.

Mitigation:

CacheFlow has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5305/info

CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow.

User supplied data is not sanitized before being included in an unresolved host error page. An attacker may construct a link for a nonexistant subdomain of a valid site, and include malicious JavaScript. If followed, the supplied script code will execute within the context of the requested domain.

http://dummy.example.com/<script>EVIL CODE</script>

Navigation

Suggest Exploit

Services By CQR