ACME Labs thttpd 2.20 - Cross-Site Scripting

EDB-ID:

21422


Author:

frog

Type:

remote


Platform:

Linux

Date:

2002-04-25


source: https://www.securityfocus.com/bid/4601/info

thttpd is a web server product maintained by ACME Labs. thttpd has been compiled for Linux, BSD and Solaris, as well as other Unix like operating systems.

Cross Site Scripting issues has been reported in some versions of thttpd. thttpd fails to check URLs for the presence of script commands when generating error pages, allowing the attacker-supplied code to execute within the context of the hosted site.

It should be noted that this issue was tested on 2.20b, other versions may also be affected by this issue. 

http://www.host.com/<script>[SCRIPT]</script>