CVE-2003-0615Cross-site Scripting in Perl

6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
7.2%
top 8.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
PerlDebian PerlCgi.pm+2 more
Timeline
PublishedAug 27
Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

debiandebian/perl< perl 5.8.0-19 (bookworm)
Debianperl/perl< 5.8.0-19+3
NVDcgi.pm/cgi.pm9 versions+8
NVDopenpkg/openpkg1.2, 1.3, current+2

Also affects: Debian Linux 3.0

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-8j4w-mr68-r956: Cross-site scripting (XSS) vulnerability in start_form() of CGI2022-04-29
OSV
CVE-2003-0615: Cross-site scripting (XSS) vulnerability in start_form() of CGI2003-08-27

📋Vendor Advisories

2
Red Hat
security flaw2003-07-20
Debian
CVE-2003-0615: perl - Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote...2003

💬Community

1
Bugzilla
CVE-2003-0615 security flaw2018-08-16