vqServer 1.9.x - CGI Demo Program Script Injection

Author: Matthew Murphy
type: webapps
platform: cgi
port: 
date_added: 2002-04-21  
date_updated: 2012-09-20  
verified: 1  
codes: CVE-2002-0731;OSVDB-9243  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21411.txt  

source: https://www.securityfocus.com/bid/4573/info

vqServer is a HTTP server implemented in Java. vqServer is available on any architecture supporting Java, including Linux and Microsoft Windows.

Reportedly, numerous default CGI scripts included with vqServer suffer from script injection issues, including cross site scripting and the ability to inject script code into cookie content.

http://localhost/cgi/vq/demos/respond.pl<SCRIPT>alert("I%20should%20not%20be%20able%20to%20do%20this!!!")</SCRIPT>