XSS in Goahead Goahead_webserver
CVE-2011-4273
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to g…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.048 (90.8th percentile) — read the EPSS interpretation.
Affected products
- Goahead Goahead_webserver — versions 2.1.8
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (US Government Resource, x_refsource_CERT-VN, Exploit, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)