CVE-2009-1591

CGI Rescue Cgi Web Mailer < 1.03 - XSS

Title source: rule

Description

CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allows remote attackers to inject arbitrary HTTP headers, and conduct cross-site scripting (XSS) or HTTP response splitting attacks, via CRLF sequences in an unspecified web form.

References (5)

[Patch] http://jvn.jp/en/jp/JVN28020230/index.html

[Third Party Advisory] http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000024.html

[Vendor Advisory] http://secunia.com/advisories/34862

[Patch, Vendor Advisory] http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20090209180123

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/35047

Scores

EPSS 0.0036

EPSS Percentile 57.6%

Classification

CWE

CWE-79

Status published

Affected Products (2)

cgi_rescue/cgi_web_mailer < 1.03

n/a/n/a

Timeline

Published May 08, 2009

Tracked Since Feb 18, 2026