CVE-2011-4273 — MEDIUM (4.3)

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Goahead	Goahead Webserver	2.1.8

Related Weaknesses (CWE)

CWE-79

References

http://secunia.com/advisories/46894
http://www.kb.cert.org/vuls/id/384427ExploitUS Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/70434
http://secunia.com/advisories/46894
http://www.kb.cert.org/vuls/id/384427ExploitUS Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/70434

FAQ

What is CVE-2011-4273?

CVE-2011-4273 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to a...

How severe is CVE-2011-4273?

CVE-2011-4273 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-4273?

Check the references section above for vendor advisories and patch information. Affected products include: Goahead Goahead Webserver.