header-logo
Suggest Exploit
vendor:
DansGuardian
by:
Unknown
6.1
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: DansGuardian
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:dansguardian_project:dansguardian
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-Site Scripting in DansGuardian

An attacker can launch a cross-site scripting attack by exploiting a problem in the handling of certain types of input to DansGuardian. This can be done by injecting malicious code into the DENIEDURL parameter of the dansguardian.pl script.

Mitigation:

Update to a patched version of DansGuardian.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8876/info

A problem has been reported in the handling of some types of input to DansGuardian. This problem may permit an attacker to launch cross-site scripting attacks.

http://www.example.com/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Test');window.open+("http://www.example.com")</script>

Navigation

Suggest Exploit

Services By CQR