CVE-2001-0987

CGIWrap < 3.7 - Cross-Site Scripting via Error Message Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0987. PoCs published by TAKAGI Hiromitsu.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in CGIWrap, where user-supplied input is not properly filtered, allowing the execution of arbitrary JavaScript code in the context of the victim's browser.

Description

Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap.

Exploits (1)

exploitdb WORKING POC VERIFIED
by TAKAGI Hiromitsu · textremotecgi
https://www.exploit-db.com/exploits/21023

This exploit demonstrates a cross-site scripting (XSS) vulnerability in CGIWrap, where user-supplied input is not properly filtered, allowing the execution of arbitrary JavaScript code in the context of the victim's browser.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: CGIWrap (versions prior to the fix for CVE-2001-0987)
No auth needed
Prerequisites: A web application using CGIWrap that displays user-supplied input without proper filtering
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-07/0499.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/1909
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6886
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3084

Scores

EPSS 0.0319
EPSS Percentile 86.5%

Details

Status published
Products (1)
nathan_neulinger/cgiwrap < 3.7
Published Jul 22, 2001
Tracked Since Feb 18, 2026