• info
• discussion
• exploit
• solution
• references

CGI Rescue WebForm Multiple Input Validation Vulnerabilities

CGI Rescue WebFORM is prone to multiple input-validation vulnerabilities, including an HTTP-response-splitting issue and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to perform cross-site request forgery, cross-site scripting, HTTP-request smuggling, and other attacks.

CGI Rescue WebFORM 4.3 and prior versions are vulnerable to these issues.