Vulnerability Description
Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ipcop | Ipcop | <= 2.1.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-ForgeExploit
- http://sourceforge.net/p/ipcop/bugs/807/Exploit
- http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-executExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99396
- http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-ForgeExploit
- http://sourceforge.net/p/ipcop/bugs/807/Exploit
- http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-executExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99396
FAQ
What is CVE-2013-7417?
CVE-2013-7417 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: th...
How severe is CVE-2013-7417?
CVE-2013-7417 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7417?
Check the references section above for vendor advisories and patch information. Affected products include: Ipcop Ipcop.