Description
Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by superpetz · textremotecgi
https://www.exploit-db.com/exploits/21263
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101293973111873&w=2
Product x_refsource_confirm
http://sourceforge.net/mailarchive/forum.php?thread_id=464940&forum_id=6367
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101285834018701&w=2
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2002/dsa-109
Scores
EPSS
0.0501
EPSS Percentile
89.8%
Details
Status
published
Products (1)
faq-o-matic/faq-o-matic
2.712
Published
May 16, 2002
Tracked Since
Feb 18, 2026