CVE-2007-6700

OpenBSD 4.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Anton Karpov · textwebappscgi

https://www.exploit-db.com/exploits/31081

View Code ZIP pw:eip

References (7)

[Patch] http://secunia.com/advisories/28726

[Mailing List] http://www.mail-archive.com/misc%40openbsd.org/msg49057.html

[Patch] http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/bgplg/bgplg.c

[Exploit] http://www.securityfocus.com/archive/1/487369/100/0/threaded

[Patch] http://www.securityfocus.com/bid/27535

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/487350/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019288

Scores

EPSS 0.0456

EPSS Percentile 89.0%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

openbsd/openbsd

Timeline

Published Feb 05, 2008

Tracked Since Feb 18, 2026