GoAhead WebServer Multiple Cross Site Scripting Vulnerabilities

  • Post author:
  • Reading time:1 mins read

SecPod Research Team member (Prabhu S Angadi) has found Multiple Cross-Site Scripting Vulnerabilities in GoAhead WebServer. The vulnerability is caused by improper validation of input to ‘name’ & ‘address’ parameters in /goform/formTest page. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks.

More information can be found here.

Welcome any feedback or suggestion.

Cheers!
SecPod Research Team