Family: CGI abuses : XSS --> Category: attack
Noah Grey Greymatter GM-Comments.CGI HTML Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for the version of Greymatter
Detailed Explanation for this Vulnerability Test
The remote host is running Greymatter, a web-based log and journal
maintenance system implemented in Perl.
The remote version of this software is vulnerable to an HTML injection
vulnerability due to a lack of filtering on user-supplied input in the
file 'gm-comments.cgi'. An attacker may exploit this flaw to perform a
cross-site scripting attack against the remote host.
This software may be vulnerable to another HTML injection vulnerability
in the file 'gm-cplog.cgi' and to a password disclosure vulnerability
in the file 'gm-token.cgi'.
Solution : None at this time.
Threat Level: Medium