header-logo
Suggest Exploit
vendor:
thttpd
by:
SecurityFocus
7.5
CVSS
HIGH
Cross Site Scripting
79
CWE
Product Name: thttpd
Affected Version From: 2.20b
Affected Version To: 2.20b
Patch Exists: YES
Related CWE: N/A
CPE: thttpd
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, BSD, Solaris, other Unix like operating systems
2002

Cross Site Scripting in thttpd

Cross Site Scripting (XSS) issues has been reported in some versions of thttpd. thttpd fails to check URLs for the presence of script commands when generating error pages, allowing the attacker-supplied code to execute within the context of the hosted site.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious script commands.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4601/info

thttpd is a web server product maintained by ACME Labs. thttpd has been compiled for Linux, BSD and Solaris, as well as other Unix like operating systems.

Cross Site Scripting issues has been reported in some versions of thttpd. thttpd fails to check URLs for the presence of script commands when generating error pages, allowing the attacker-supplied code to execute within the context of the hosted site.

It should be noted that this issue was tested on 2.20b, other versions may also be affected by this issue. 

http://www.host.com/<script>[SCRIPT]</script>

Navigation

Suggest Exploit

Services By CQR