CGI.pm Start_Form Cross-Site Scripting Vulnerability

CGI.pm is prone to cross-site scripting attacks under some circumstances. This issue occurs because the 'start_form()' function (or other functions that use this function) does not sufficiently sanitize HTML and script code when a form action isn't specified. This could expose scripts that use the function to cross-site scripting attacks.


 

Privacy Statement
Copyright 2010, SecurityFocus