N/A

Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.

N/A

N/A

GoAhead Webserver 多个跨站脚本攻击漏洞

GoAhead WebServer是美国Embedthis公司的一款小巧的嵌入式Web服务器，它支持嵌入到各种设备和应用程序中。 GoAhead Webserver 2.18版本中存在多个跨站脚本攻击漏洞。远程攻击者可借助(1)goform/AddGroup的group参数，与addgroup.asp有关；(2)goform/AddAccessLimit的url参数，与addlimit.asp有关；或者(3)user（也称为User ID）参数或(4)goform/AddUser的group参数，与add

N/A

N/A