Description
Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Matt Moore · textremotewindows
https://www.exploit-db.com/exploits/21608
References (6)
Core 6
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5198
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/81099
Vendor Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9518.php
Release Notes x_refsource_confirm
http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102631742711795&w=2
Scores
EPSS
0.0731
EPSS Percentile
91.7%
Details
Status
published
Products (5)
goahead_software/goahead_webserver
2.1.1
goahead_software/goahead_webserver
2.1.2
goahead_software/goahead_webserver
2.1.3
goahead_software/goahead_webserver
2.1.4
goahead_software/goahead_webserver
2.1.5
Published
Jul 23, 2002
Tracked Since
Feb 18, 2026