Cross-Site Scripting Vulnerability in Dwarf HTTP Server by Dwarf Software
CVE-2006-0820

Currently unrated

Key Information:

Vendor: Gnome
Status: Dwarf Http Server
Vendor: CVE Published:; 13 March 2006

Summary

The Dwarf HTTP Server version 1.3.2 contains a cross-site scripting (XSS) vulnerability that permits remote attackers to inject arbitrary web scripts or HTML into the web application. This issue arises from the server's failure to properly sanitize error messages, which can be exploited to execute malicious scripts in the context of the affected user's session, potentially leading to data theft or manipulation.

References

http://www.vupen.com/english/advisories/2006/0937

vdb-entryx_refsource_VUPEN

http://securitytracker.com/id?1015779

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/17123

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 13, 2006
Vulnerability Reserved
Feb 21, 2006