CVE-2003-0615 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the forms action parameter.

Affected Software

Name	Vendor	Start Version	End Version
Cgi.pm	Cgi.pm	2.73 (including)	2.73 (including)
Cgi.pm	Cgi.pm	2.74 (including)	2.74 (including)
Cgi.pm	Cgi.pm	2.75 (including)	2.75 (including)
Cgi.pm	Cgi.pm	2.76 (including)	2.76 (including)
Cgi.pm	Cgi.pm	2.78 (including)	2.78 (including)
Cgi.pm	Cgi.pm	2.79 (including)	2.79 (including)
Cgi.pm	Cgi.pm	2.93 (including)	2.93 (including)
Cgi.pm	Cgi.pm	2.751 (including)	2.751 (including)
Cgi.pm	Cgi.pm	2.753 (including)	2.753 (including)
Openpkg	Openpkg	1.2 (including)	1.2 (including)
Openpkg	Openpkg	1.3 (including)	1.3 (including)
Openpkg	Openpkg	current (including)	current (including)

References

http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000713
http://marc.info/?l=bugtraq\u0026m=105880349328877\u0026w=2
http://marc.info/?l=bugtraq\u0026m=106018783704468\u0026w=2
http://marc.info/?l=full-disclosure\u0026m=105875211018698\u0026w=2
http://secunia.com/advisories/13638
http://securitytracker.com/id?1007234
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
http://www.ciac.org/ciac/bulletins/n-155.shtml
http://www.debian.org/security/2003/dsa-371
http://www.kb.cert.org/vuls/id/246409
http://www.redhat.com/support/errata/RHSA-2003-256.html
http://www.securityfocus.com/bid/8231
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084
https://exchange.xforce.ibmcloud.com/vulnerabilities/12669
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0615
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html