Description
Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Alexander Klink · textwebappsphp
https://www.exploit-db.com/exploits/32443
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://www.cynops.de/advisories/AKLINK-SA-2008-007.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45515
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31481
Scores
EPSS
0.0055
EPSS Percentile
68.0%
Details
CWE
CWE-79
Status
published
Products (1)
cacert/cacert
20080921
Published
Aug 21, 2009
Tracked Since
Feb 18, 2026