CVE-2002-1008 | Vulnerability Database | Aqua Security

Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request.

Affected Software

Name	Vendor	Start Version	End Version
Lil_http_server	Summit_computer_networks	2.1 (including)	2.1 (including)
Lil_http_server	Summit_computer_networks	2.2 (including)	2.2 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2002-06/0332.html
http://archives.neohapsis.com/archives/bugtraq/2002-07/0072.html
http://www.iss.net/security_center/static/9445.php
http://www.securityfocus.com/bid/5115
http://archives.neohapsis.com/archives/bugtraq/2002-06/0332.html
http://archives.neohapsis.com/archives/bugtraq/2002-07/0072.html
http://www.iss.net/security_center/static/9445.php
http://www.securityfocus.com/bid/5115

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-1008
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html