Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openpkg | openpkg | current |
| debian | debian_linux | 3.0 |
| cgi.pm | cgi.pm | 2.751 |
| cgi.pm | cgi.pm | 2.73 |
| cgi.pm | cgi.pm | 2.93 |
| cgi.pm | cgi.pm | 2.78 |
| cgi.pm | cgi.pm | 2.79 |
| cgi.pm | cgi.pm | 2.75 |
| cgi.pm | cgi.pm | 2.74 |
| openpkg | openpkg | 1.2 |
| cgi.pm | cgi.pm | 2.76 |
| openpkg | openpkg | 1.3 |
| cgi.pm | cgi.pm | 2.753 |