CVE-2002-1785

Name of the Vulnerable Software and Affected Versions Zeus Web Server versions 4.0 through 4.1r2

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML via the section parameter to "index.fcgi" API endpoint.

Recommendations For Zeus Web Server versions 4.0 through 4.1r2, avoid using the section parameter in the "index.fcgi" API endpoint until a fix is available. Consider restricting access to the index.fcgi endpoint to minimize the risk of exploitation.