Vulnerability Note VU#384427
GoAhead Webserver multiple stored XSS vulnerabilities
GoAhead Webserver 2.18 and possibly previous or newer versions, are vulnerable to multiple stored and reflective cross site scripting (XSS) vulnerabilities.
According to the reporter the following webpages and parameters are affected by stored and reflective XSS vulnerabilities:
Results: Reflected XSS displayed in addgroup.asp, stored XSS in: adduser.asp, addlimit.asp, delgroup.asp.
Results: Stored when user requests dellimit.asp.
addgroup.asp. In this example, you can swap out the group=<script>alert(1337)
for whichever group name you added. password= and passconf= can also be
modified to whichever password you want the new user to have.
POST /goform/AddUser HTTP/1.1
Result: Reflected in reply, stored in: deluser.asp,dspuser.asp.
An attacker with access to the GoAhead Webserver can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.
We are currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
The reporter was unable to confirm if any previous or newer versions are vulnerable to these stored cross site scripting (XSS) vulnerabilities.
|Vendor||Status||Date Notified||Date Updated|
|GoAhead Software, Inc.||Affected||-||07 Oct 2011|
CVSS Metrics (Learn More)
Thanks to Silent Dream for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: Unknown
- Date Public: 10 Oct 2011
- Date First Published: 10 Oct 2011
- Date Last Updated: 10 Oct 2011
- Severity Metric: 0.49
- Document Revision: 20
If you have feedback, comments, or additional information about this vulnerability, please send us email.