Description
Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Matt Murphy · textremotewindows
https://www.exploit-db.com/exploits/21698
References (4)
Core 4
Core References
Exploit mailing-list
x_refsource_bugtraq
http://seclists.org/lists/bugtraq/2002/Aug/0158.html
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9812.php
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2002-August/000934.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5435
Scores
EPSS
0.0056
EPSS Percentile
68.5%
Details
CWE
CWE-79
Status
published
Products (4)
blueface/falcon_web_server
2.0.0.1009
blueface/falcon_web_server
2.0.0.1020
blueface/falcon_web_server
2.0.0.1021
blueface/falcon_web_server
2.0.0.1021_ssl
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026